Bug 1088241 – VUL-0: CVE-2017-18257: kernel-source: The __get_data_block function in fs/f2fs/data.c in the Linux kernel before4.11 allows local users to cause a denial of service (integer overflow andloop) via crafted use of the open and fallocate syst

Bug 1088241 - (CVE-2017-18257) VUL-0: CVE-2017-18257: kernel-source: The __get_data_block function in fs/f2fs/data.c in the Linux kernel before4.11 allows local users to cause a denial of service (integer overflow andloop) via crafted use of the open and fallocate syst

(CVE-2017-18257)
Summary:	VUL-0: CVE-2017-18257: kernel-source: The __get_data_block function in fs/f2f...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/203136/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-04-05 06:01 UTC by Marcus Meissner
Modified:	2018-10-18 17:42 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-04-05 06:01:43 UTC

CVE-2017-18257

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before
4.11 allows local users to cause a denial of service (integer overflow and
loop) via crafted use of the open and fallocate system calls with an
FS_IOC_FIEMAP ioctl.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18257
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18257.html

Comment 1 Marcus Meissner 2018-04-05 06:02:01 UTC

this is not enabled in SLE kernels, but on leap.

Comment 2 Takashi Iwai 2018-04-05 10:17:12 UTC

The upstream fix commit b86e33075ed1909d8002745b56ecf73b833db143
    f2fs: fix a dead loop in f2fs_fiemap()

Jan, could you care this one?

Comment 4 Jan Kara 2018-04-10 15:52:33 UTC

OK, pushed the fix to users/jack/cve/linux-4.4/for-next, in kernel 3.12 f2fs does not have fiemap support so the bug isn't there. 4.12 has the bug already fixed. So nothing else needs to be backported from my side.

Reassigning to security team for further handling.

Comment 5 Swamp Workflow Management 2018-04-23 19:17:50 UTC

SUSE-SU-2018:1048-1: An update that solves 5 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1012382,1019695,1019699,1022604,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075428,1076033,1077560,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084699,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085224,1085383,1085402,1085404,1085487,1085507,1085511,1085679,1085981,1086015,1086162,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087274,1087659,1087845,1087906,1087999,1088050,1088087,1088241,1088267,1088313,1088324,1088600,1088684,1088871,802154
CVE References: CVE-2017-18257,CVE-2018-1091,CVE-2018-7740,CVE-2018-8043,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.126-94.22.1, kernel-obs-build-4.4.126-94.22.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_11-1-4.5.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.126-94.22.1

Comment 6 Marcus Meissner 2018-04-24 05:43:27 UTC

will be also in 42.3 soon

Comment 7 Swamp Workflow Management 2018-05-08 22:19:38 UTC

SUSE-SU-2018:1173-1: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.73.1

Comment 13 Xuanke Han 2018-07-17 02:45:40 UTC

Hi, does it affect on SLES11? such as sles11-sp1, sles11-sp3? Thanks.

Comment 14 Jan Kara 2018-07-17 12:11:09 UTC

Please read comment 4. The code where the bug was is not present in 3.12, even less so in 3.0 or older kernels.

Comment 15 Swamp Workflow Management 2018-10-18 17:42:18 UTC

SUSE-SU-2018:1173-2: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1