Bug 1069996 - (CVE-2017-16994) VUL-0: CVE-2017-16994: kernel-source: mincore() information leak
(CVE-2017-16994)
VUL-0: CVE-2017-16994: kernel-source: mincore() information leak
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Michal Hocko
Security Team bot
https://smash.suse.de/issue/195693/
CVSSv3:SUSE:CVE-2017-16994:4.0:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-27 20:16 UTC by Marcus Meissner
Modified: 2019-08-15 13:44 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-11-27 20:16:42 UTC
CVE-2017-16994

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16994
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c 
https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
Comment 1 Michal Hocko 2017-11-28 07:58:06 UTC
Fixes: 1e25a271c8ac ("mincore: apply page table walker on do_mincore()")

So this is 4.0+ material. We haven't backported it to older kernels AFAICS. SLE12-SP[23] already have the fix from the stable tree. I will push it to SLE15.
Comment 2 Michal Hocko 2017-11-28 08:15:52 UTC
done
Comment 3 Marcus Meissner 2017-11-28 08:41:11 UTC
have you added the CVE reference to patches.kernel.org in GIT for 12-SP2 and 12-SP3?
Comment 4 Michal Hocko 2017-11-28 09:20:14 UTC
(In reply to Marcus Meissner from comment #3)
> have you added the CVE reference to patches.kernel.org in GIT for 12-SP2 and
> 12-SP3?

I have now, thanks for the reminder.
Comment 5 Swamp Workflow Management 2017-12-18 11:17:27 UTC
openSUSE-SU-2017:3358-1: An update that solves 16 vulnerabilities and has 67 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012829,1017461,1021424,1022595,1022914,1024412,1027301,1030061,1031717,1037890,1046107,1050060,1050231,1053919,1056003,1056365,1056427,1056979,1057199,1058135,1060333,1060682,1061756,1062941,1063026,1063516,1064701,1064926,1065180,1065600,1065639,1065692,1065717,1065866,1066045,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1067105,1067132,1067494,1067888,1068671,1068978,1068980,1068982,1069270,1069496,1069702,1069793,1069942,1069996,1070006,1070145,1070535,1070767,1070771,1070805,1070825,1070964,1071231,1071693,1071694,1071695,1071833,963575,964944,966170,966172,974590,979928,989261,996376
CVE References: CVE-2017-1000405,CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16646,CVE-2017-16939,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-7482,CVE-2017-8824
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.103-18.41.1, kernel-default-4.4.103-18.41.1, kernel-docs-4.4.103-18.41.1, kernel-obs-build-4.4.103-18.41.1, kernel-obs-qa-4.4.103-18.41.1, kernel-source-4.4.103-18.41.1, kernel-syms-4.4.103-18.41.1, kernel-vanilla-4.4.103-18.41.1
Comment 6 Swamp Workflow Management 2017-12-18 11:37:20 UTC
openSUSE-SU-2017:3359-1: An update that solves 17 vulnerabilities and has 136 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012523,1015336,1015337,1015340,1015342,1015343,1019675,1020412,1020645,1022595,1022607,1024346,1024373,1024376,1024412,1031717,1032150,1036489,1036800,1037404,1037838,1038299,1039542,1040073,1041873,1042268,1042957,1042977,1042978,1043017,1045404,1046054,1046107,1047901,1047989,1048317,1048327,1048356,1050060,1050231,1051406,1051635,1051987,1052384,1053309,1053919,1055272,1056003,1056365,1056427,1056587,1056596,1056652,1056979,1057079,1057199,1057820,1058413,1059639,1060333,1061756,1062496,1062835,1062941,1063026,1063349,1063516,1064206,1064320,1064591,1064597,1064606,1064701,1064926,1065101,1065180,1065600,1065639,1065692,1065717,1065866,1065959,1066045,1066175,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1066660,1066696,1066767,1066812,1066974,1067105,1067132,1067225,1067494,1067734,1067735,1067888,1067906,1068671,1068978,1068980,1068982,1069152,1069250,1069270,1069277,1069484,1069496,1069583,1069702,1069721,1069793,1069879,1069916,1069942,1069996,1070001,1070006,1070145,1070169,1070404,1070535,1070767,1070771,1070805,1070825,1070964,1071693,1071694,1071695,1071833,1072589,744692,789311,964944,966170,966172,969470,979928,989261,996376
CVE References: CVE-2017-1000405,CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16645,CVE-2017-16646,CVE-2017-16939,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-7482,CVE-2017-8824
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.103-36.1, kernel-default-4.4.103-36.1, kernel-docs-4.4.103-36.1, kernel-obs-build-4.4.103-36.1, kernel-obs-qa-4.4.103-36.1, kernel-source-4.4.103-36.1, kernel-syms-4.4.103-36.1, kernel-vanilla-4.4.103-36.1
Comment 7 Swamp Workflow Management 2017-12-21 17:29:23 UTC
SUSE-SU-2017:3398-1: An update that solves 15 vulnerabilities and has 136 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012523,1015336,1015337,1015340,1015342,1015343,1019675,1020412,1020645,1022595,1022607,1024346,1024373,1024376,1024412,1031717,1032150,1036489,1036800,1037404,1037838,1038299,1039542,1040073,1041873,1042268,1042957,1042977,1042978,1043017,1045404,1046054,1046107,1047901,1047989,1048317,1048327,1048356,1050060,1050231,1051406,1051635,1051987,1052384,1053309,1053919,1055272,1056003,1056365,1056427,1056587,1056596,1056652,1056979,1057079,1057199,1057820,1058413,1059639,1060333,1061756,1062496,1062835,1062941,1063026,1063349,1063516,1064206,1064320,1064591,1064597,1064606,1064701,1064926,1065101,1065180,1065600,1065639,1065692,1065717,1065866,1065959,1066045,1066175,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1066660,1066696,1066767,1066812,1066974,1067105,1067132,1067225,1067494,1067734,1067735,1067888,1067906,1068671,1068978,1068980,1068982,1069152,1069250,1069270,1069277,1069484,1069583,1069721,1069793,1069879,1069916,1069942,1069996,1070001,1070006,1070145,1070169,1070404,1070535,1070767,1070771,1070805,1070825,1070964,1071693,1071694,1071695,1071833,1072589,744692,789311,964944,966170,966172,969470,979928,989261,996376
CVE References: CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16645,CVE-2017-16646,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-7482,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.103-6.33.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.103-6.33.1, kernel-obs-build-4.4.103-6.33.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.103-6.33.1, kernel-source-4.4.103-6.33.1, kernel-syms-4.4.103-6.33.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_6-1-4.3.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.103-6.33.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.103-6.33.1, kernel-source-4.4.103-6.33.1, kernel-syms-4.4.103-6.33.1
SUSE Container as a Service Platform ALL (src):    kernel-default-4.4.103-6.33.1
Comment 8 Swamp Workflow Management 2017-12-21 23:19:27 UTC
SUSE-SU-2017:3410-1: An update that solves 16 vulnerabilities and has 92 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012829,1017461,1020645,1021424,1022595,1022600,1022914,1024412,1025461,1027301,1028971,1030061,1031717,1034048,1037890,1046107,1050060,1050231,1053919,1055567,1056003,1056365,1056427,1056979,1057199,1058135,1059863,1060333,1060682,1060985,1061451,1061756,1062520,1062941,1062962,1063026,1063460,1063475,1063501,1063509,1063516,1063520,1063695,1064206,1064701,1064926,1065180,1065600,1065639,1065692,1065717,1065866,1066045,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1067105,1067132,1067494,1067888,1068671,1068978,1068980,1068982,1069270,1069793,1069942,1069996,1070006,1070145,1070535,1070767,1070771,1070805,1070825,1070964,1071231,1071693,1071694,1071695,1071833,963575,964944,966170,966172,966186,966191,966316,966318,969474,969475,969476,969477,971975,974590,979928,989261,996376
CVE References: CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-15265,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16645,CVE-2017-16646,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-7482,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.103-92.53.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.103-92.53.1, kernel-obs-build-4.4.103-92.53.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.103-92.53.1, kernel-source-4.4.103-92.53.1, kernel-syms-4.4.103-92.53.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.103-92.53.1, kernel-source-4.4.103-92.53.1, kernel-syms-4.4.103-92.53.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_16-1-3.3.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.103-92.53.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.103-92.53.1, kernel-source-4.4.103-92.53.1, kernel-syms-4.4.103-92.53.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.103-92.53.1
Comment 9 Swamp Workflow Management 2018-01-25 14:19:38 UTC
SUSE-SU-2018:0213-1: An update that solves 22 vulnerabilities and has 72 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012829,1012917,1021424,1022476,1022595,1024412,1027301,1031717,1039616,1046107,1047487,1050060,1050231,1056003,1056365,1056427,1056979,1057199,1060333,1060682,1061756,1062941,1063026,1063043,1063516,1064311,1064926,1065180,1065600,1065639,1065692,1065717,1065866,1066045,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1067105,1067132,1067494,1067888,1068032,1068671,1068951,1068978,1068980,1068982,1069270,1069496,1069702,1069793,1069942,1069996,1070006,1070145,1070535,1070767,1070771,1070805,1070825,1070964,1071009,1071231,1071693,1071694,1071695,1071833,1072556,1072962,1073090,1073792,1073809,1073874,1073912,1074392,1074709,963575,964063,964944,966170,966172,969470,979928,989261
CVE References: CVE-2017-1000405,CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16645,CVE-2017-16646,CVE-2017-16939,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7482,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.104-24.1, kernel-rt_debug-4.4.104-24.1, kernel-source-rt-4.4.104-24.1, kernel-syms-rt-4.4.104-24.1