Bug 1019851 - (CVE-2017-2584) VUL-0: CVE-2017-2584: kernel-source: kvm: use after free in complete_emulated_mmio
(CVE-2017-2584)
VUL-0: CVE-2017-2584: kernel-source: kvm: use after free in complete_emulated...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: unspecified
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2017-2584:5.2:(AV:A/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-13 11:59 UTC by Mikhail Kasimov
Modified: 2020-06-16 22:06 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2017-01-13 11:59:26 UTC
Ref: http://seclists.org/oss-sec/2017/q1/82
=============================================
  Hello,

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to a use after free flaw. It could occur on x86 platform, when emulating instructions fxsave, fxrstor, sgdt, etc.


A user/process could use this flaw to crash the host kernel resulting in DoS.

Upstream patch:
---------------
  -> https://www.spinics.net/lists/kvm/msg143571.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1413001

'CVE-2017-2584' is assigned to this issue by Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
=============================================


=============================================
Comment 1 Swamp Workflow Management 2017-01-13 23:00:57 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2017-01-16 16:56:59 UTC
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d

fixed in v4.10-rc4

> Fixes: 96051572c819194c37a8367624b285be10297eca

which appeared in v3.6

> Fixes: 283c95d0e3891b64087706b344a4b545d04a6e62

which appeared v4.10-rc1 (probably dependent patch)

Affects the SLE 12 kernels.
Comment 3 Andreas Stieger 2017-01-16 16:59:20 UTC
(In reply to Andreas Stieger from comment #2)
> > Fixes: 283c95d0e3891b64087706b344a4b545d04a6e62
> 
> which appeared v4.10-rc1 (probably dependent patch)

From http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d

> Since commit 283c95d ("KVM: x86: emulate FXSAVE and FXRSTOR",
> 2016-11-09), which is luckily not yet in any final release, this would
> also be an exploitable kernel memory *write*!
Comment 4 Joerg Roedel 2017-01-20 14:42:39 UTC
Patch is backported to all relevant branches.
Comment 5 Joerg Roedel 2017-01-30 12:13:11 UTC
Assigning back to security-team
Comment 6 Swamp Workflow Management 2017-02-06 20:16:48 UTC
SUSE-SU-2017:0407-1: An update that solves 24 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1003813,1005666,1007197,1008557,1008567,1008831,1008833,1008876,1008979,1009062,1009969,1010040,1010213,1010294,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011685,1012060,1012422,1012754,1012917,1012985,1013001,1013038,1013479,1013531,1013533,1013540,1013604,1014410,1014746,1016713,1016725,1016961,1017164,1017170,1017410,1017710,1018100,1019032,1019148,1019260,1019300,1019783,1019851,1020214,1020602,1021258,856380,857394,858727,921338,921778,922052,922056,923036,923037,924381,938963,972993,980560,981709,983087,983348,984194,984419,985850,987192,987576,990384,991273,993739,997807,999101
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8645,CVE-2016-8655,CVE-2016-9083,CVE-2016-9084,CVE-2016-9555,CVE-2016-9576,CVE-2016-9756,CVE-2016-9793,CVE-2016-9794,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.69-60.30.1, kernel-compute_debug-3.12.69-60.30.1, kernel-rt-3.12.69-60.30.1, kernel-rt_debug-3.12.69-60.30.1, kernel-source-rt-3.12.69-60.30.1, kernel-syms-rt-3.12.69-60.30.1
Comment 7 Swamp Workflow Management 2017-02-13 20:22:07 UTC
openSUSE-SU-2017:0456-1: An update that solves 11 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1000092,1000619,1003077,1003253,1005918,1006469,1006472,1007729,1008742,1009546,1009674,1009718,1009911,1009969,1010612,1010690,1011176,1011250,1011602,1011660,1011913,1012422,1012829,1012910,1013000,1013001,1013273,1013531,1013540,1013542,1013792,1013994,1014120,1014392,1014410,1014701,1014710,1015038,1015212,1015359,1015367,1015416,1015840,1016250,1016403,1016517,1016884,1016979,1017164,1017170,1017410,1017589,1018100,1018316,1018358,1018385,1018446,1018813,1018913,1019061,1019148,1019260,1019351,1019594,1019630,1019631,1019784,1019851,1020214,1020488,1020602,1020685,1020817,1020945,1020975,1021248,1021251,1021258,1021260,1021294,1021455,1021474,1022304,1022429,1022476,1022547,1022559,1022971,1023101,1023175,921494,959709,960561,964944,966170,966172,966186,966191,969474,969475,969756,971975,974215,979378,981709,985561,987192,987576,991273
CVE References: CVE-2015-8709,CVE-2016-7117,CVE-2016-8645,CVE-2016-9793,CVE-2016-9806,CVE-2016-9919,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.46-11.1, kernel-default-4.4.46-11.1, kernel-docs-4.4.46-11.3, kernel-obs-build-4.4.46-11.1, kernel-obs-qa-4.4.46-11.1, kernel-source-4.4.46-11.1, kernel-syms-4.4.46-11.1, kernel-vanilla-4.4.46-11.1
Comment 8 Swamp Workflow Management 2017-02-14 23:18:16 UTC
SUSE-SU-2017:0464-1: An update that solves 19 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1003813,1005666,1007197,1008557,1008567,1008833,1008876,1008979,1009062,1009969,1010040,1010213,1010294,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1012060,1012422,1012917,1012985,1013001,1013038,1013479,1013531,1013540,1013542,1014410,1014746,1016713,1016725,1016961,1017164,1017170,1017410,1017589,1017710,1018100,1019032,1019148,1019260,1019300,1019783,1019851,1020214,1020602,1021258,856380,857394,858727,921338,921778,922052,922056,923036,923037,924381,938963,972993,980560,981709,983087,983348,984194,984419,985850,987192,987576,990384,991273,993739,997807,999101
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.69-60.64.29.3, kernel-obs-build-3.12.69-60.64.29.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1, kernel-source-3.12.69-60.64.29.1, kernel-syms-3.12.69-60.64.29.1, kernel-xen-3.12.69-60.64.29.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.69-60.64.29.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_12-1-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1, kernel-source-3.12.69-60.64.29.1, kernel-syms-3.12.69-60.64.29.1, kernel-xen-3.12.69-60.64.29.1
Comment 9 Swamp Workflow Management 2017-02-15 20:13:04 UTC
SUSE-SU-2017:0471-1: An update that solves 34 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1003153,1003925,1004462,1004517,1005666,1007197,1008833,1008979,1009969,1010040,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011820,1012422,1013038,1013531,1013540,1013542,1014746,1016482,1017410,1017589,1017710,1019300,1019851,1020602,1021258,881008,915183,958606,961257,970083,971989,976195,978094,980371,980560,981038,981597,981709,982282,982544,983619,983721,983977,984148,984419,984755,985978,986362,986365,986445,986569,986572,986811,986941,987542,987565,987576,989152,990384,991608,991665,993392,993890,993891,994296,994748,994881,995968,997708,998795,999584,999600,999932,999943
CVE References: CVE-2014-9904,CVE-2015-8956,CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-4470,CVE-2016-4998,CVE-2016-5696,CVE-2016-5828,CVE-2016-5829,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-8658,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.66.1
Comment 10 Swamp Workflow Management 2017-02-28 23:19:40 UTC
SUSE-SU-2017:0575-1: An update that solves 11 vulnerabilities and has 95 fixes is now available.

Category: security (important)
Bug References: 1000092,1000619,1003077,1005918,1006469,1006472,1007729,1008742,1009546,1009674,1009718,1009911,1010612,1010690,1010933,1011176,1011602,1011660,1011913,1012382,1012422,1012829,1012910,1013000,1013001,1013273,1013540,1013792,1013994,1014120,1014410,1015038,1015367,1015840,1016250,1016403,1016517,1016884,1016979,1017164,1017170,1017410,1018100,1018316,1018358,1018446,1018813,1018913,1019061,1019148,1019168,1019260,1019351,1019594,1019630,1019631,1019784,1019851,1020048,1020214,1020488,1020602,1020685,1020817,1020945,1020975,1021082,1021248,1021251,1021258,1021260,1021294,1021455,1021474,1022304,1022429,1022476,1022547,1022559,1022971,1023101,1023175,1023762,1023884,1023888,1024081,1024234,1024508,1024938,1025235,921494,959709,964944,969476,969477,969479,971975,974215,981709,982783,985561,987192,987576,989056,991273,998106
CVE References: CVE-2015-8709,CVE-2016-7117,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.49-92.11.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.49-92.11.3, kernel-obs-build-4.4.49-92.11.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.49-92.11.1, kernel-source-4.4.49-92.11.1, kernel-syms-4.4.49-92.11.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.49-92.11.1, kernel-source-4.4.49-92.11.1, kernel-syms-4.4.49-92.11.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_5-1-6.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.49-92.11.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.49-92.11.1, kernel-source-4.4.49-92.11.1, kernel-syms-4.4.49-92.11.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.49-92.11.1
Comment 11 Marcus Meissner 2017-03-02 14:19:35 UTC
released
Comment 12 Swamp Workflow Management 2017-04-01 13:07:54 UTC
openSUSE-SU-2017:0906-1: An update that solves 15 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1019851,1020602,1022785,1023377,1025235,1026722,1026914,1027066,1027178,1027179,1027189,1027190,1027565,1028415,1029986,1030118,1030573,968697
CVE References: CVE-2016-10200,CVE-2016-10208,CVE-2016-2117,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-5669,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6348,CVE-2017-6353,CVE-2017-7184
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.39-53.1, kernel-default-4.1.39-53.1, kernel-docs-4.1.39-53.2, kernel-ec2-4.1.39-53.1, kernel-obs-build-4.1.39-53.1, kernel-obs-qa-4.1.39-53.1, kernel-pae-4.1.39-53.1, kernel-pv-4.1.39-53.1, kernel-source-4.1.39-53.1, kernel-syms-4.1.39-53.1, kernel-vanilla-4.1.39-53.1, kernel-xen-4.1.39-53.1
Comment 13 Swamp Workflow Management 2017-07-28 13:22:22 UTC
SUSE-SU-2017:1990-1: An update that solves 43 vulnerabilities and has 282 fixes is now available.

Category: security (important)
Bug References: 1000092,1003077,1003581,1004003,1007729,1007959,1007962,1008842,1009674,1009718,1010032,1010612,1010690,1011044,1011176,1011913,1012060,1012382,1012422,1012452,1012829,1012910,1012985,1013001,1013561,1013792,1013887,1013994,1014120,1014136,1015342,1015367,1015452,1015609,1016403,1017164,1017170,1017410,1017461,1017641,1018100,1018263,1018358,1018385,1018419,1018446,1018813,1018885,1018913,1019061,1019148,1019163,1019168,1019260,1019351,1019594,1019614,1019618,1019630,1019631,1019784,1019851,1020048,1020214,1020412,1020488,1020602,1020685,1020817,1020945,1020975,1021082,1021248,1021251,1021258,1021260,1021294,1021424,1021455,1021474,1021762,1022181,1022266,1022304,1022340,1022429,1022476,1022547,1022559,1022595,1022785,1022971,1023101,1023175,1023287,1023762,1023866,1023884,1023888,1024015,1024081,1024234,1024508,1024938,1025039,1025235,1025461,1025683,1026024,1026405,1026462,1026505,1026509,1026570,1026692,1026722,1027054,1027066,1027101,1027153,1027179,1027189,1027190,1027195,1027273,1027512,1027565,1027616,1027974,1028017,1028027,1028041,1028158,1028217,1028310,1028325,1028340,1028372,1028415,1028819,1028883,1028895,1029220,1029514,1029607,1029634,1029986,1030057,1030070,1030118,1030213,1030573,1031003,1031040,1031052,1031142,1031147,1031200,1031206,1031208,1031440,1031470,1031500,1031512,1031555,1031579,1031662,1031717,1031796,1031831,1032006,1032141,1032339,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033287,1033336,1033340,1033885,1034048,1034419,1034635,1034670,1034671,1034762,1034902,1034995,1035024,1035866,1035887,1035920,1035922,1036214,1036638,1036752,1036763,1037177,1037186,1037384,1037483,1037669,1037840,1037871,1037969,1038033,1038043,1038085,1038142,1038143,1038297,1038458,1038544,1038842,1038843,1038846,1038847,1038848,1038879,1038981,1038982,1039348,1039354,1039700,1039864,1039882,1039883,1039885,1039900,1040069,1040125,1040182,1040279,1040351,1040364,1040395,1040425,1040463,1040567,1040609,1040855,1040929,1040941,1041087,1041160,1041168,1041242,1041431,1041810,1042200,1042286,1042356,1042421,1042517,1042535,1042536,1042863,1042886,1043014,1043231,1043236,1043347,1043371,1043467,1043488,1043598,1043912,1043935,1043990,1044015,1044082,1044120,1044125,1044532,1044767,1044772,1044854,1044880,1044912,1045154,1045235,1045286,1045307,1045340,1045467,1045568,1046105,1046434,1046589,799133,863764,870618,922871,951844,966170,966172,966191,966321,966339,968697,969479,969755,970083,971975,982783,985561,986362,986365,987192,987576,988065,989056,989311,990058,990682,991273,993832,995542,995968,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-4997,CVE-2016-4998,CVE-2016-7117,CVE-2016-9191,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-2671,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7346,CVE-2017-7374,CVE-2017-7487,CVE-2017-7616,CVE-2017-7618,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.74-7.10.1, kernel-rt_debug-4.4.74-7.10.1, kernel-source-rt-4.4.74-7.10.1, kernel-syms-rt-4.4.74-7.10.1