Bug 1088241 - (CVE-2017-18257) VUL-0: CVE-2017-18257: kernel-source: The __get_data_block function in fs/f2fs/data.c in the Linux kernel before4.11 allows local users to cause a denial of service (integer overflow andloop) via crafted use of the open and fallocate syst
(CVE-2017-18257)
VUL-0: CVE-2017-18257: kernel-source: The __get_data_block function in fs/f2f...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/203136/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-04-05 06:01 UTC by Marcus Meissner
Modified: 2018-10-18 17:42 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-04-05 06:01:43 UTC
CVE-2017-18257

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before
4.11 allows local users to cause a denial of service (integer overflow and
loop) via crafted use of the open and fallocate system calls with an
FS_IOC_FIEMAP ioctl.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18257
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18257.html
Comment 1 Marcus Meissner 2018-04-05 06:02:01 UTC
this is not enabled in SLE kernels, but on leap.
Comment 2 Takashi Iwai 2018-04-05 10:17:12 UTC
The upstream fix commit b86e33075ed1909d8002745b56ecf73b833db143
    f2fs: fix a dead loop in f2fs_fiemap()

Jan, could you care this one?
Comment 4 Jan Kara 2018-04-10 15:52:33 UTC
OK, pushed the fix to users/jack/cve/linux-4.4/for-next, in kernel 3.12 f2fs does not have fiemap support so the bug isn't there. 4.12 has the bug already fixed. So nothing else needs to be backported from my side.

Reassigning to security team for further handling.
Comment 5 Swamp Workflow Management 2018-04-23 19:17:50 UTC
SUSE-SU-2018:1048-1: An update that solves 5 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1012382,1019695,1019699,1022604,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075428,1076033,1077560,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084699,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085224,1085383,1085402,1085404,1085487,1085507,1085511,1085679,1085981,1086015,1086162,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087274,1087659,1087845,1087906,1087999,1088050,1088087,1088241,1088267,1088313,1088324,1088600,1088684,1088871,802154
CVE References: CVE-2017-18257,CVE-2018-1091,CVE-2018-7740,CVE-2018-8043,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.126-94.22.1, kernel-obs-build-4.4.126-94.22.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_11-1-4.5.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.126-94.22.1
Comment 6 Marcus Meissner 2018-04-24 05:43:27 UTC
will be also in 42.3 soon
Comment 7 Swamp Workflow Management 2018-05-08 22:19:38 UTC
SUSE-SU-2018:1173-1: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.73.1
Comment 13 Xuanke Han 2018-07-17 02:45:40 UTC
Hi, does it affect on SLES11? such as sles11-sp1, sles11-sp3? Thanks.
Comment 14 Jan Kara 2018-07-17 12:11:09 UTC
Please read comment 4. The code where the bug was is not present in 3.12, even less so in 3.0 or older kernels.
Comment 15 Swamp Workflow Management 2018-10-18 17:42:18 UTC
SUSE-SU-2018:1173-2: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1