Bugzilla – Bug 968014
VUL-0: CVE-2016-2550: kernel: unix: correctly track in-flight fds in sending process user_struct
Last modified: 2016-12-02 19:20:33 UTC
unix: correctly track in-flight fds in sending process user_struct
The commit referenced in the Fixes tag incorrectly accounted the
number of in-flight fds over a unix domain socket to the original
opener of the file-descriptor. This allows another process to
arbitrarily deplete the original file-opener's resource limit for the
maximum of open files.
CVE-2016-2550 was assigned to this issue.
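The accounting error described in the commit message above, shown as an added example that is not part of this bug report or of the kernel source. It is a simplified userspace C model: every struct and function name and the limit of 4 are assumptions made for illustration. It contrasts charging in-flight fds to the file's opener with charging them to the sender.

```c
/* Simplified userspace model of per-user in-flight fd accounting.
 * Not kernel code: all names and the limit value are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct user { const char *name; unsigned long unix_inflight; };
struct file { struct user *opener; };  /* user that originally opened the file */
#define NOFILE_LIMIT 4UL               /* constructed stand-in for the open-files limit */
typedef void (*charge_fn)(struct user *sender, struct file *fp);

/* Flawed accounting from the commit message: the opener is charged. */
static void charge_opener(struct user *sender, struct file *fp)
{
    (void)sender;
    fp->opener->unix_inflight++;
}

/* Corrected accounting from the fix title: the sending user is charged. */
static void charge_sender(struct user *sender, struct file *fp)
{
    (void)fp;
    sender->unix_inflight++;
}

/* The limit is checked against the user attempting the send. */
static bool over_limit(const struct user *u)
{
    return u->unix_inflight > NOFILE_LIMIT;
}

/* Queue up to n copies of fp from sender; return how many were accepted. */
static unsigned long send_fds(struct user *sender, struct file *fp,
                              unsigned long n, charge_fn charge)
{
    unsigned long sent = 0;
    for (; sent < n && !over_limit(sender); sent++)
        charge(sender, fp);
    return sent;
}

int main(void)
{
    struct user opener = { "opener", 0 }, sender = { "sender", 0 };
    struct file f = { &opener };
    unsigned long n = send_fds(&sender, &f, 100, charge_opener);
    printf("flawed: accepted=%lu %s=%lu %s=%lu\n", n, opener.name,
           opener.unix_inflight, sender.name, sender.unix_inflight);
    return 0;
}
```

With the flawed charge the sender's own counter never moves, so its limit check never trips while the opener's counter passes the limit. With the corrected charge the sender is stopped once its own counter exceeds the limit.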
bugbot adjusting priority
Introduced in 4.5-rc1, fixed in 4.5-rc4. However, first patch has been picked
into some stable branches as it's part of a CVE fix. As far as I can see,
Greg's stable 4.1 and 4.4 already have both (since 4.1.19 and 4.4.4). Factory
and SLE12-SP2 already have 4.4.4, openSUSE-42.1 is still on 4.1.18 and is
going to get the fix with 4.1.19. openSUSE-13.2 has neither.
First patch was also considered for stable 3.12 but didn't get in. Jiří, what
is the plan there?
(In reply to Michal Kubeček from comment #2)
> First patch was also considered for stable 3.12 but didn't get in. Jiří, what
> is the plan there?
I dropped it temporarily and put it onto TODO list to have both in at once:
Thank you. Let's wait until 4.1.19 with second patch gets into openSUSE-42.1
and both patches get into SLE12(-SP1), then we can close.
Fixed now in
openSUSE-13.2 doesn't need the fix as it never received a backport of
712f4aad406b ("unix: properly account for FDs passed over unix sockets")
SUSE-SU-2016:2976-1: An update that solves 13 vulnerabilities and has 87 fixes is now available.
Category: security (important)
Bug References: 1000189,1001419,1002165,1003077,1003344,1003568,1003677,1003866,1003925,1004517,1004520,1005857,1005896,1005903,1006917,1006919,1007944,763198,771065,799133,803320,839104,843236,860441,863873,865783,871728,907611,908458,908684,909077,909350,909484,909618,909994,911687,915183,920016,922634,922947,928138,929141,934760,951392,956514,960689,963655,967716,968010,968014,971975,971989,973203,974620,976867,977687,979514,979595,979681,980371,982218,982783,983535,983619,984102,984194,984992,985206,986337,986362,986365,986445,987565,988440,989152,989261,989764,989779,991608,991665,991923,992566,993127,993890,993891,994296,994436,994618,994759,994926,995968,996329,996664,997708,998399,998689,999584,999600,999907,999932
CVE References: CVE-2013-4312,CVE-2015-7513,CVE-2015-8956,CVE-2016-0823,CVE-2016-3841,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-88.3
SUSE Linux Enterprise Server 11-SP4 (src): kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-source-3.0.101-88.1, kernel-syms-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-88.1, kernel-default-3.0.101-88.1, kernel-ec2-3.0.101-88.1, kernel-pae-3.0.101-88.1, kernel-ppc64-3.0.101-88.1, kernel-trace-3.0.101-88.1, kernel-xen-3.0.101-88.1