Bug 974308 - (CVE-2016-3672) VUL-1: CVE-2016-3672: kernel: Unlimiting the stack not longer disables ASLR
(CVE-2016-3672)
VUL-1: CVE-2016-3672: kernel: Unlimiting the stack not longer disables ASLR
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/166442/
CVSSv2:SUSE:CVE-2016-3672:3.0:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-06 14:32 UTC by Johannes Segitz
Modified: 2018-07-03 21:15 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-04-06 14:32:22 UTC
CVE-2016-3672

Any user able to running 32-bit applications in a x86 machine can disable the ASLR by setting the RLIMIT_STACK resource to unlimited.

Details and (simple) fix are in 
http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3672
http://seclists.org/oss-sec/2016/q2/16
Comment 1 Michal Hocko 2016-04-06 14:53:19 UTC
I remember there was a reason why the unlimited stack resulted in the legacy behavior. It had something to do with breakage of some applications. Do not remember any details. Jiri will remember probably.
Comment 2 Michal Hocko 2016-04-06 14:56:52 UTC
OK, this is what Ingo mentioned https://lkml.org/lkml/2016/3/11/116
He is not much more specific but considering this will be upstream I do not have strong objections to take it. If Jiri is OK with this I will port it to all affected branched.
Comment 3 Swamp Workflow Management 2016-04-06 22:00:53 UTC
bugbot adjusting priority
Comment 4 Michal Hocko 2016-05-16 06:42:19 UTC
pushed to openSUSE-{13.2,42.1}
SLE12{-SP1}
SLE12-SP2

The backport gets more and more hairy[1] when we go deeper into the history. Is this really worth the effort for 3.0 based and older kernels? Especially considering that this has been the state-of-art for quite some time without too many reports from the field...

[1] 3.0 needs two more additional patch df54d6fa5427 and 41aacc1eea645 and maybe even more...
Comment 5 Bernhard Wiedemann 2016-05-19 08:00:28 UTC
This is an autogenerated message for OBS integration:
This bug (974308) was mentioned in
https://build.opensuse.org/request/show/396719 42.1 / kernel-source
Comment 6 Michal Hocko 2016-06-06 07:17:40 UTC
Bounce back to the security team. As stated in comment 4, backport to 3.0 and older kernels is not really trivial and the security implications do no sound to justify a risky backport to LTSS branches. Let me know if you think otherwise, though.
Comment 7 Marcus Meissner 2016-06-07 08:45:09 UTC
Let us leave it out of the older (SLE11 and older), as they had less ASLR support than SLE12 anyway.
Comment 8 Swamp Workflow Management 2016-06-21 12:10:16 UTC
openSUSE-SU-2016:1641-1: An update that solves 19 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 945345,955654,963762,966245,966849,970506,971126,971799,973570,974308,975945,977198,978073,978401,978821,978822,979018,979213,979278,979548,979728,979867,979879,979913,980348,980371,980657,981058,981267,981344,982238,982239,982712,983143,983213,984460
CVE References: CVE-2013-7446,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3134,CVE-2016-3672,CVE-2016-3955,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4951,CVE-2016-5244
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.26-21.1, kernel-default-4.1.26-21.1, kernel-docs-4.1.26-21.2, kernel-ec2-4.1.26-21.1, kernel-obs-build-4.1.26-21.1, kernel-obs-qa-4.1.26-21.1, kernel-obs-qa-xen-4.1.26-21.1, kernel-pae-4.1.26-21.1, kernel-pv-4.1.26-21.1, kernel-source-4.1.26-21.1, kernel-syms-4.1.26-21.1, kernel-vanilla-4.1.26-21.1, kernel-xen-4.1.26-21.1
Comment 9 Swamp Workflow Management 2016-06-27 17:23:50 UTC
SUSE-SU-2016:1690-1: An update that solves 29 vulnerabilities and has 89 fixes is now available.

Category: security (important)
Bug References: 676471,880007,889207,899908,903279,928547,931448,940413,943989,944309,945345,947337,953233,954847,956491,956852,957805,957986,960857,962336,962846,962872,963193,963572,963762,964461,964727,965319,966054,966245,966573,966831,967251,967292,967299,967903,968010,968141,968448,968512,968667,968670,968687,968812,968813,969439,969571,969655,969690,969735,969992,969993,970062,970114,970504,970506,970604,970892,970909,970911,970948,970955,970956,970958,970970,971049,971124,971125,971126,971159,971170,971360,971600,971628,971947,972003,972174,972844,972891,972933,972951,973378,973556,973570,973855,974165,974308,974406,974418,974646,975371,975488,975533,975945,976739,976868,977582,977685,978401,978822,979169,979213,979419,979485,979548,979867,979879,980348,980371,981143,981344,982354,982698,983213,983318,983394,983904,984456
CVE References: CVE-2014-9717,CVE-2015-8816,CVE-2015-8845,CVE-2016-0758,CVE-2016-2053,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-5244
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.60-52.49.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.60-52.49.3, kernel-obs-build-3.12.60-52.49.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.60-52.49.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_14-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.60-52.49.1, kernel-source-3.12.60-52.49.1, kernel-syms-3.12.60-52.49.1, kernel-xen-3.12.60-52.49.1
Comment 12 Swamp Workflow Management 2016-08-02 14:20:30 UTC
SUSE-SU-2016:1937-1: An update that solves 24 vulnerabilities and has 76 fixes is now available.

Category: security (important)
Bug References: 662458,676471,897662,928547,944309,945345,947337,950998,951844,953048,953233,954847,956491,957805,957986,957990,958390,958463,960857,962742,962846,963762,964727,965087,966245,967640,968667,969016,970114,970506,970604,970609,970948,971049,971770,971947,972124,972933,973378,973499,973570,974165,974308,974620,974646,974692,975533,975772,975788,976739,976821,976868,977417,977582,977685,978401,978469,978527,978822,979169,979213,979347,979419,979485,979489,979521,979548,979867,979879,979922,980246,980348,980371,980706,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983394,983721,983904,983977,984148,984456,984755,985232,985978,986362,986569,986572,986811,988215,988498,988552
CVE References: CVE-2014-9717,CVE-2014-9904,CVE-2015-7833,CVE-2015-8539,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2847,CVE-2016-3672,CVE-2016-3707,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.61-60.18.1, kernel-compute_debug-3.12.61-60.18.1, kernel-rt-3.12.61-60.18.1, kernel-rt_debug-3.12.61-60.18.1, kernel-source-rt-3.12.61-60.18.1, kernel-syms-rt-3.12.61-60.18.1
Comment 13 Swamp Workflow Management 2016-08-19 12:14:36 UTC
SUSE-SU-2016:2105-1: An update that solves 21 vulnerabilities and has 55 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979074,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,980856,980883,981038,981143,981344,981597,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,984764,985232,985978,986362,986365,986569,986572,986573,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.62-60.62.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.62-60.62.3, kernel-obs-build-3.12.62-60.62.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.62-60.62.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_7-1-4.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.62-60.62.1, kernel-source-3.12.62-60.62.1, kernel-syms-3.12.62-60.62.1, kernel-xen-3.12.62-60.62.1
Comment 14 Swamp Workflow Management 2016-08-24 13:17:08 UTC
openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811
CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3
Comment 15 Swamp Workflow Management 2016-08-29 18:14:03 UTC
openSUSE-SU-2016:2184-1: An update that solves 21 vulnerabilities and has 49 fixes is now available.

Category: security (important)
Bug References: 947337,950998,951844,953048,954847,956491,957990,962742,963655,963762,965087,966245,968667,970114,970506,971770,972933,973378,973499,974165,974308,974620,975531,975533,975772,975788,977417,978401,978469,978822,979213,979419,979485,979489,979521,979548,979681,979867,979879,979922,980348,980363,980371,981038,981143,981344,982282,982354,982544,982698,983143,983213,983318,983721,983904,983977,984148,984456,984755,985232,985978,986362,986365,986569,986572,986811,988215,988498,988552,990058
CVE References: CVE-2014-9904,CVE-2015-7833,CVE-2015-8551,CVE-2015-8552,CVE-2015-8845,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3672,CVE-2016-4470,CVE-2016-4482,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4805,CVE-2016-4997,CVE-2016-4998,CVE-2016-5244,CVE-2016-5828,CVE-2016-5829
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.32.2, crash-7.0.2-2.32.7, hdjmod-1.28-16.32.2, ipset-6.21.1-2.36.2, iscsitarget-1.4.20.3-13.32.2, kernel-debug-3.12.62-52.1, kernel-default-3.12.62-52.1, kernel-desktop-3.12.62-52.1, kernel-docs-3.12.62-52.2, kernel-ec2-3.12.62-52.1, kernel-pae-3.12.62-52.1, kernel-source-3.12.62-52.1, kernel-syms-3.12.62-52.1, kernel-trace-3.12.62-52.1, kernel-vanilla-3.12.62-52.1, kernel-xen-3.12.62-52.1, ndiswrapper-1.58-33.2, openvswitch-1.11.0-0.39.3, pcfclock-0.44-258.33.2, vhba-kmp-20130607-2.32.2, virtualbox-4.2.36-2.64.4, xen-4.3.4_10-65.3, xtables-addons-2.3-2.31.2