Bug 996563 - (CVE-2016-7118) VUL-0: CVE-2016-7118: kernel: Kernel Oops when issuing fcntl on an AUFS directory
(CVE-2016-7118)
VUL-0: CVE-2016-7118: kernel: Kernel Oops when issuing fcntl on an AUFS direc...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/172266/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-31 15:57 UTC by Alexander Bergmann
Modified: 2016-08-31 15:58 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-08-31 15:57:35 UTC
CVE-2016-7118

This bug was opened only for reference. 

Neither SLE nor openSUSE are affected as AUFS is not available.


http://seclists.org/oss-sec/2016/q3/397

Marcin Szewczyk reported and diagnosed a bug in Debian's kernel
packages that allows a denial of service (crash) by local users with
access to an aufs filesystem.  The bug is in a Debian-specific patch,
not the upstream kernel or aufs code.

The current version in Debian 7 'wheezy' (3.2.81-1) and the current proposed update to Debian 8 'jessie' (3.16.36-1 are affected.

Ben.

> the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL
> fcntl support code (#627782) which unfortunately results in a kernel
> Oops when the fcntl is called on a directory. This breaks e.g. copying
> files from an AUFS filesystem on a remote machine using scp.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7118
http://seclists.org/oss-sec/2016/q3/397
Comment 1 Alexander Bergmann 2016-08-31 15:58:08 UTC
Closing as invalid.