Bug 1057389 - (CVE-2017-1000251) VUL-0: CVE-2017-1000251: kernel-source: bluetooth l2cap remote (bluetooth) code execution
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P1 - Urgent, Severity: Major
Assigned To: Al Cho
Security Team bot
https://smash.suse.de/issue/191511/
CVSSv2:SUSE:CVE-2017-1000251:7.9:(AV:...
Reported: 2017-09-06 12:06 UTC by Marcus Meissner
Modified: 2022-12-23 11:18 UTC (History)


Attachments
patch.asc (11.99 KB, patch)
2017-09-08 12:50 UTC, Marcus Meissner
master/stable fix (12.37 KB, patch)
2017-09-13 06:26 UTC, Jiri Slaby
patch from upstream (torvalds/linux.git) (11.71 KB, patch)
2017-09-14 08:59 UTC, Al Cho

Comment 4 Marcus Meissner 2017-09-08 09:30:55 UTC
CRD: 2017-09-12
Comment 6 Marcus Meissner 2017-09-08 12:50:38 UTC
Created attachment 739978
patch.asc

patch attached to the email.

security@kernel.org might of course be improving upon it
Comment 7 Marcus Meissner 2017-09-09 13:06:56 UTC
CVE-2017-1000251 was assigned
Comment 9 Marcus Meissner 2017-09-11 09:32:56 UTC
The plan is for September 12 to publish this issue set, both userland and kernel.

But please wait for it to land in mainline git and/or be announced by us before you do any public work.
Comment 11 Johannes Segitz 2017-09-12 13:53:17 UTC
Codename: BlueBorne

Triggered EMU for this. Keeping the bug private for now since I'm not sure if everything is already public
Comment 12 Vítězslav Čížek 2017-09-12 14:39:53 UTC
There's now a technical document available at
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
It describes the bugs in the code; we should consider this issue public.
Comment 14 Takashi Iwai 2017-09-12 20:41:41 UTC
Due to the urgency, I did a quick hack, just applied the given patch to SLE12-SP2 and SP3 branches.
The tentative fix patch is found in the users/tiwai/SLE12-SP2/bsc1057389-fastpath and users/tiwai/SLE12-SP3/bsc1057389-fastpath branches.  Attached below.

The test kernel packages are being built in IBS home:tiwai:kernel-sle12-sp2-fastpath and IBS home:tiwai:kernel-sle12-sp3-fastpath repos.

Can anyone test it once the build finishes?
Comment 16 Jiri Slaby 2017-09-13 06:26:52 UTC
Created attachment 740447
master/stable fix

Huh, that patch was in bad shape.

This is what I pushed to master/for-next and stable/for-next. Let's see if it works.
Comment 17 Takashi Iwai 2017-09-13 07:04:36 UTC
Did anyone verify the vulnerability?

I pushed the fix to SLE12-SP2 and SP3 branches now, and the repos are ready for submission, but these are totally untested.
Comment 25 Bernhard Wiedemann 2017-09-13 14:03:14 UTC
This is an autogenerated message for OBS integration:
This bug (1057389) was mentioned in
https://build.opensuse.org/request/show/525854 42.2 / kernel-source
https://build.opensuse.org/request/show/525855 42.3 / kernel-source
Comment 26 Al Cho 2017-09-14 08:59:15 UTC
Created attachment 740621
patch from upstream (torvalds/linux.git)
Comment 28 Swamp Workflow Management 2017-09-14 13:07:33 UTC
SUSE-SU-2017:2459-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1057389
CVE References: CVE-2017-1000251
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.60.1, kernel-source-3.12.74-60.64.60.1, kernel-syms-3.12.74-60.64.60.1, kernel-xen-3.12.74-60.64.60.1, kgraft-patch-SLE12-SP1_Update_21-1-2.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.60.1, kernel-source-3.12.74-60.64.60.1, kernel-syms-3.12.74-60.64.60.1, kernel-xen-3.12.74-60.64.60.1, kgraft-patch-SLE12-SP1_Update_21-1-2.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.60.1, kernel-source-3.12.74-60.64.60.1, kernel-syms-3.12.74-60.64.60.1, kernel-xen-3.12.74-60.64.60.1, kgraft-patch-SLE12-SP1_Update_21-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.60.1
Comment 29 Jiri Slaby 2017-09-15 07:12:45 UTC
commit e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
Author: Ben Seri <ben@armis.com>
Date:   Sat Sep 9 23:15:59 2017 +0200

    Bluetooth: Properly check L2CAP config option output buffer length

Contained in 4.13.2, 4.12.13 and 4.4.88 already.
Comment 32 Swamp Workflow Management 2017-09-15 13:11:50 UTC
openSUSE-SU-2017:2494-1: An update that solves three vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1012829,1021424,1022743,1024405,1031717,1035479,1036060,1038583,1046529,1048893,1048912,1049361,1049580,1054654,1056261,1056849,1056982,1057015,1057031,1057035,1057038,1057047,1057067,1057389,1057849,1058116,971975,981309
CVE References: CVE-2017-1000251,CVE-2017-11472,CVE-2017-14106
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.87-25.1, kernel-default-4.4.87-25.1, kernel-docs-4.4.87-25.2, kernel-obs-build-4.4.87-25.1, kernel-obs-qa-4.4.87-25.1, kernel-source-4.4.87-25.1, kernel-syms-4.4.87-25.1, kernel-vanilla-4.4.87-25.1
Comment 33 Swamp Workflow Management 2017-09-15 13:18:24 UTC
openSUSE-SU-2017:2495-1: An update that solves 5 vulnerabilities and has 32 fixes is now available.

Category: security (important)
Bug References: 1012829,1020645,1020657,1021424,1022743,1024405,1030850,1031717,1031784,1034048,1038583,1047487,1048155,1048893,1048934,1049226,1049580,1051790,1052580,1052888,1053117,1053802,1053915,1053919,1054084,1055013,1055096,1055359,1056261,1056588,1056827,1056982,1057015,1057389,1058116,971975,981309
CVE References: CVE-2017-1000251,CVE-2017-11472,CVE-2017-12134,CVE-2017-14051,CVE-2017-14106
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.87-18.29.1, kernel-default-4.4.87-18.29.1, kernel-docs-4.4.87-18.29.2, kernel-obs-build-4.4.87-18.29.1, kernel-obs-qa-4.4.87-18.29.1, kernel-source-4.4.87-18.29.1, kernel-syms-4.4.87-18.29.1, kernel-vanilla-4.4.87-18.29.1
Comment 35 Swamp Workflow Management 2017-09-18 16:10:24 UTC
SUSE-SU-2017:2521-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1057389
CVE References: CVE-2017-1000251
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.74-92.38.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.74-92.38.3, kernel-obs-build-4.4.74-92.38.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.74-92.38.1, kernel-source-4.4.74-92.38.1, kernel-syms-4.4.74-92.38.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.74-92.38.1, kernel-source-4.4.74-92.38.1, kernel-syms-4.4.74-92.38.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_13-1-2.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.74-92.38.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.74-92.38.1, kernel-source-4.4.74-92.38.1, kernel-syms-4.4.74-92.38.1
SUSE Container as a Service Platform ALL (src):    kernel-default-4.4.74-92.38.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.74-92.38.1
Comment 36 Swamp Workflow Management 2017-09-18 22:07:36 UTC
SUSE-SU-2017:2523-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1057389
CVE References: CVE-2017-1000251
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.82-6.6.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.82-6.6.3, kernel-obs-build-4.4.82-6.6.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.82-6.6.1, kernel-source-4.4.82-6.6.1, kernel-syms-4.4.82-6.6.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_2-1-2.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.82-6.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.82-6.6.1, kernel-source-4.4.82-6.6.1, kernel-syms-4.4.82-6.6.1
Comment 37 Swamp Workflow Management 2017-09-20 19:08:00 UTC
SUSE-SU-2017:2534-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1057389
CVE References: CVE-2017-1000251
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.92.1, kernel-source-3.12.61-52.92.1, kernel-syms-3.12.61-52.92.1, kernel-xen-3.12.61-52.92.1, kgraft-patch-SLE12_Update_27-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.92.1
Comment 38 Swamp Workflow Management 2017-09-21 19:16:43 UTC
SUSE-SU-2017:2548-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1057389
CVE References: CVE-2017-1000251
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.10.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.10.1, kernel-default-3.0.101-108.10.1, kernel-ec2-3.0.101-108.10.1, kernel-pae-3.0.101-108.10.1, kernel-ppc64-3.0.101-108.10.1, kernel-source-3.0.101-108.10.1, kernel-syms-3.0.101-108.10.1, kernel-trace-3.0.101-108.10.1, kernel-xen-3.0.101-108.10.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.10.1, kernel-pae-3.0.101-108.10.1, kernel-ppc64-3.0.101-108.10.1, kernel-trace-3.0.101-108.10.1, kernel-xen-3.0.101-108.10.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.10.1, kernel-default-3.0.101-108.10.1, kernel-ec2-3.0.101-108.10.1, kernel-pae-3.0.101-108.10.1, kernel-ppc64-3.0.101-108.10.1, kernel-trace-3.0.101-108.10.1, kernel-xen-3.0.101-108.10.1
Comment 41 Swamp Workflow Management 2017-10-10 16:19:48 UTC
SUSE-SU-2017:2694-1: An update that solves 8 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1013018,1024450,1031358,1036629,1037441,1037667,1037669,1037994,1039803,1040609,1042863,1045154,1047523,1050381,1050431,1051932,1052311,1052370,1053148,1053152,1053802,1053933,1054070,1054076,1054093,1054247,1054706,1055680,1056588,1057179,1057389,1058524,984530
CVE References: CVE-2017-1000112,CVE-2017-1000251,CVE-2017-10661,CVE-2017-12762,CVE-2017-14051,CVE-2017-14140,CVE-2017-14340,CVE-2017-8831
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.8.1, kernel-rt_trace-3.0.101.rt130-69.8.1, kernel-source-rt-3.0.101.rt130-69.8.1, kernel-syms-rt-3.0.101.rt130-69.8.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.8.1, kernel-rt_debug-3.0.101.rt130-69.8.1, kernel-rt_trace-3.0.101.rt130-69.8.1
Comment 42 Swamp Workflow Management 2017-11-08 20:26:58 UTC
SUSE-SU-2017:2956-1: An update that solves 17 vulnerabilities and has 113 fixes is now available.

Category: security (important)
Bug References: 1005917,1006180,1011913,1012382,1012829,1013887,1018419,1019151,1020645,1020657,1020685,1021424,1022476,1022743,1023175,1024405,1028173,1028286,1028819,1029693,1030552,1030850,1031515,1031717,1031784,1033587,1034048,1034075,1034762,1036303,1036632,1037344,1037404,1037994,1038078,1038583,1038616,1038792,1038846,1038847,1039354,1039915,1040307,1040351,1041958,1042286,1042314,1042422,1042778,1043652,1044112,1044636,1045154,1045563,1045922,1046682,1046821,1046985,1047027,1047048,1047096,1047118,1047121,1047152,1047277,1047343,1047354,1047487,1047651,1047653,1047670,1048155,1048221,1048317,1048891,1048893,1048914,1048934,1049226,1049483,1049486,1049580,1049603,1049645,1049882,1050061,1050188,1051022,1051059,1051239,1051399,1051478,1051479,1051556,1051663,1051790,1052049,1052223,1052311,1052365,1052533,1052580,1052709,1052773,1052794,1052888,1053117,1053802,1053915,1054084,1055013,1055096,1055359,1056261,1056588,1056827,1056982,1057015,1057389,1058038,1058116,1058507,963619,964063,964944,971975,974215,981309,988784,993890
CVE References: CVE-2017-1000111,CVE-2017-1000112,CVE-2017-1000251,CVE-2017-1000252,CVE-2017-1000365,CVE-2017-10810,CVE-2017-11472,CVE-2017-11473,CVE-2017-12134,CVE-2017-12154,CVE-2017-14051,CVE-2017-14106,CVE-2017-7518,CVE-2017-7533,CVE-2017-7541,CVE-2017-7542,CVE-2017-8831
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.88-18.1, kernel-rt_debug-4.4.88-18.1, kernel-source-rt-4.4.88-18.1, kernel-syms-rt-4.4.88-18.1
Comment 43 Al Cho 2017-12-13 07:15:37 UTC
Closing this bug because this CVE is already patched.
Comment 44 Swamp Workflow Management 2018-01-08 20:08:18 UTC
SUSE-SU-2018:0040-1: An update that solves 32 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1010175,1034862,1045327,1050231,1052593,1056982,1057179,1057389,1058524,1062520,1063544,1063667,1066295,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1067085,1068032,1068671,1069702,1069708,1070771,1071074,1071470,1071695,1072561,1072876,1073792,1073874,1074033,999245
CVE References: CVE-2017-1000251,CVE-2017-11600,CVE-2017-13080,CVE-2017-13167,CVE-2017-14106,CVE-2017-14140,CVE-2017-14340,CVE-2017-15102,CVE-2017-15115,CVE-2017-15265,CVE-2017-15274,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-ppc64-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1