Bug 1029314 - (CVE-2017-6874) VUL-0: CVE-2017-6874: kernel-source: Race condition in kernel/ucount.c
(CVE-2017-6874)
VUL-0: CVE-2017-6874: kernel-source: Race condition in kernel/ucount.c
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: unspecified
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/181655/
CVSSv3.1:SUSE:CVE-2017-6874:5.5:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-14 11:23 UTC by Mikhail Kasimov
Modified: 2021-08-25 13:11 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2017-03-14 11:23:02 UTC
Ref: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6874
===================================================================
Vulnerability Summary for CVE-2017-6874
Original release date: 03/14/2017
Last revised: 03/14/2017
Source: US-CERT/NIST
Received

This vulnerability has been received by the NVD and has not been analyzed.
Overview

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.
References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM
Name: https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88
Hyperlink: https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88

External Source: CONFIRM
Name: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
Hyperlink: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
===================================================================
Comment 2 Neil Brown 2017-03-19 23:36:42 UTC
This bug was introduced in Linux 4.9 and fixed in 4.11-rc2
So only 4.9 and 4.10 are vulnerable.
Fix was tagged for -stable, so they won't be vulnerable for long.

'master' is already at 4.11-rc2, so it has the fix.
'stable' is at 4.10.4 which includes the fix.
No other SUSE/SLES kernels are newer than 4.4, and the commit which introduced
that bug hasn't been backported to any of them.

So: nothing to do here.