Bug 979022 - (CVE-2016-4568) VUL-0: CVE-2016-4568: kernel: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
https://smash.suse.de/issue/168719/
CVSSv2:SUSE:CVE-2016-4568:4.4:(AV:L/A...
Depends on: 981516
Reported: 2016-05-09 09:01 UTC by Sebastian Krahmer
Modified: 2020-06-29 06:24 UTC

Found By: Security Response Team


Comment 1 Borislav Petkov 2016-05-13 10:20:16 UTC
Upstream patch is

2c1f6951a8a8 ("[media] videobuf2-v4l2: Verify planes array in buffer dequeueing")

and the one it fixes is

b0e0e1f83de3 ("[media] media: videobuf2: Prepare to divide videobuf2")

which is upstream since 4.4. Fix 2c1f6951a8a8 is tagged for stable and
since we haven't released 12SP2 yet, I'll wait for that fix to trickle
down with the stable updates.

Leaving it assigned to me until then.
Comment 3 Marcus Meissner 2016-05-25 06:30:46 UTC
Does it affect older products?
Comment 4 Borislav Petkov 2016-05-25 08:57:57 UTC
Problem introduced in kernel 4.4, so only SLES12 SP2 affected.
Comment 5 Borislav Petkov 2016-06-07 09:38:35 UTC
Ok, looked again, so the revert is CC:stable and we'll get it eventually.

However, the problem the reverted patch was trying to fix still persists in

  b0e0e1f83de3 ("[media] media: videobuf2: Prepare to divide videobuf2")

but we'll get another fix which should also be CC:stable apparently.
Comment 6 Joerg Roedel 2016-07-20 10:56:18 UTC
FTR, the new fixes seem to be:

126f402 [media] vb2: core: Skip planes array verification if pb is NULL
83934b7 [media] videobuf2-v4l2: Verify planes array in buffer dequeueing

They are currently in linux-next, not yet upstream. Both are tagged for stable.
The second patch is identical to the original fix ('2c1f6951a8a8').
Comment 7 Borislav Petkov 2016-07-25 11:31:37 UTC
On their way upstream:

https://lkml.kernel.org/r/20160725081835.1812283e@recife.lan

Leaving it open until it lands in stable and then in 12SP2.
Comment 8 Borislav Petkov 2016-10-25 11:48:05 UTC
Ok, patches are in 12SP2, bouncing back.

FTR, the reason for this confusion is that the first patch:

  2c1f6951a8a8 [media] videobuf2-v4l2: Verify planes array in buffer dequeueing

was committed before this one:

  126f40298446 ("[media] vb2: core: Skip planes array verification if pb is NULL")

which caused the breakage on pb being NULL.

They're both in now so we should be good.
Comment 9 Marcus Meissner 2017-03-01 13:33:32 UTC
126f40298446 is in patches.kernel.org/patch-4.4.18-19

We released it in SLES 12 SP2 GA already.