Bug 1076537 – VUL-0: CVE-2017-13220: kernel-source: An elevation of privilege vulnerability in the Upstream kernel bluez. Product:Android. Versions: Android kernel. Android ID: A-63527053.

Bug 1076537 - (CVE-2017-13220) VUL-0: CVE-2017-13220: kernel-source: An elevation of privilege vulnerability in the Upstream kernel bluez. Product:Android. Versions: Android kernel. Android ID: A-63527053.

(CVE-2017-13220)
Summary:	VUL-0: CVE-2017-13220: kernel-source: An elevation of privilege vulnerability...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/198239/
Whiteboard:	CVSSv3:SUSE:CVE-2017-13220:5.3:(AV:L...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-01-18 10:19 UTC by Marcus Meissner
Modified:	2020-06-09 07:35 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-01-18 10:19:52 UTC

CVE-2017-13220

An elevation of privilege vulnerability in the Upstream kernel bluez. Product:
Android. Versions: Android kernel. Android ID: A-63527053.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13220

Comment 1 Marcus Meissner 2018-01-18 10:20:19 UTC

https://source.android.com/security/bulletin/pixel/2018-01-01

so far not public. need to revisit when it becomes public.

Comment 2 Marcus Meissner 2018-04-10 09:25:47 UTC

There was a flaw CVE-2017-13220 / Android A-63527053 reported in Android
security bulletin with not much of public details:

https://source.android.com/security/bulletin/pixel/2018-01-01#kernel-components

Per discussion with Android security developer this flaw is related to
an upstream commit 51bda2bca53b ("Bluetooth: hidp_connection_add() unsafe
use of l2cap_pi()").

Red Hat is handling this flaw in:

https://bugzilla.redhat.com/show_bug.cgi?id=1536155

I believe the other distributions may want to update the related bug pages
with the info above:

https://bugzilla.suse.com/show_bug.cgi?id=1076537
https://security-tracker.debian.org/tracker/CVE-2017-13220
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Comment 3 Marcus Meissner 2018-04-10 09:46:13 UTC

I think 51bda2bca53b is the fix, which is in 3.19+

Comment 4 Takashi Iwai 2018-04-10 09:54:57 UTC

OK, then it's only for cve/linux-3.12 and older branches.
The fix itself is very trivial, so I'll try to backport.

Comment 5 Takashi Iwai 2018-04-10 10:08:12 UTC

Pushed to cve/linux-3.12.

cve/linux-3.0 and earlier has no relevant code, so it's unlikely vulnerable (if the patch is the only source).

Back to security team.

Comment 6 Swamp Workflow Management 2018-05-11 19:08:09 UTC

SUSE-SU-2018:1220-1: An update that solves 11 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1083275,1084536,1085279,1085331,1086162,1086194,1087088,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.88.1

Comment 7 Swamp Workflow Management 2018-05-11 19:11:13 UTC

SUSE-SU-2018:1221-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1084536,1085331,1086162,1087088,1087209,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.128.1, kernel-source-3.12.61-52.128.1, kernel-syms-3.12.61-52.128.1, kernel-xen-3.12.61-52.128.1, kgraft-patch-SLE12_Update_34-1-1.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.128.1

Comment 8 Marcus Meissner 2018-08-29 08:55:14 UTC

released