Bugzilla – Bug 1032268
VUL-0: CVE-2016-10229: kernel-source: udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traff...
Last modified: 2019-08-16 15:26:53 UTC
udp.c in the Linux kernel before 4.5 allows remote attackers to execute
arbitrary code via UDP traffic that triggers an unsafe second checksum
calculation during execution of a recv system call with the MSG_PEEK flag.
Michal? Can you enlighten us quickly on this please?
Might just be in the stable kernel that android uses?
This seems to be a duplicate of bug 952587 aka CVE-2015-8019
I would rather say bsc#959364 but it's a bit complicated as there was a series
of three issues and (mainline) commit 197c949e7798 was created in response to
the last one but it actually works as a fix for the previous one as well.
Anyway, we already have it in cve/linux-3.12 via 3.12.53 stable update.
We also have it in SLE12-SP2 (via 4.4.21) but on kernels >= 3.19 it's rather
an optimization. The real problem only existed on kernels < 3.19 (before the
code was rewritten) where mainline commit 89c22d8c3b27 was backported.
At the moment, this only means cve/linux-3.12 and its consumers.
There is a possibility that also kernels >= 3.19 might be affected by some
security problem addressed by this patch which wasn't apparent at the time
it was submitted so I better check linked documents. The only branch that
would require a backport in such case would be openSUSE-42.1.
Can you tag the stable commits in our trees?
bin/addnote CVE-2016-10229 "This issue was fixed in the Linux Kernel 4.4.21 stable release, and so was fixed before SUSE Linux Enterprise Server 12 SP2 shipment. This issue was fixed in Linux Kernel 3.12.53 for SUSE Linux Enterprise Server 12 and 12 SP1. The problem does not affect Linux Kernel 3.0 and older, so SUSE Linux Enterprise 11 and older products are not affected."
I added the references to cve/linux-3.12 branch. I'm kind of reluctant to add
them to 4.4 kernels as the issue (both the original one and the two follow-ups)
never actually existed in any kernel >= 3.19. The issue(s) only existed in
stable branches not containing Al Viro's rewrite (which came with 3.19) and
only after they received the backport of mainline commit 89c22d8c3b27 (which
was perfectly fine in 4.2-rc4 but caused problems when backported to pre-3.19
kernels). The reason why 197c949e7798 was added to mainline was optimization
(it prevents calculating the checksum twice for some packets).
But if the reference is needed to silence customers and their changelog-based
check scripts, it wouldn't do any harm either (even if it would be technically
Note from security:
This issue was fixed in the 3.12.53 stable update, without this CVE specifically mentioned. Newer 3.12.x kernels are not affected.
SUSE-SU-2017:2920-1: An update that solves 36 vulnerabilities and has 22 fixes is now available.
Category: security (important)
Bug References: 1008353,1012422,1017941,1029850,1030593,1032268,1034405,1034670,1035576,1035877,1036752,1037182,1037183,1037306,1037994,1038544,1038879,1038981,1038982,1039348,1039349,1039354,1039456,1039721,1039882,1039883,1039885,1040069,1041431,1041958,1044125,1045327,1045487,1045922,1046107,1047408,1048275,1049645,1049882,1052593,1053148,1053152,1056588,1056982,1057179,1058038,1058410,1058507,1058524,1062520,1063667,1064388,938162,975596,977417,984779,985562,990682
CVE References: CVE-2015-9004,CVE-2016-10229,CVE-2016-9604,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8106,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
SUSE Linux Enterprise Server 12-LTSS (src): kernel-default-3.12.61-52.101.1, kernel-source-3.12.61-52.101.1, kernel-syms-3.12.61-52.101.1, kernel-xen-3.12.61-52.101.1, kgraft-patch-SLE12_Update_28-1-8.1
SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.61-52.101.1