Bug 1029314 - (CVE-2017-6874) VUL-0: CVE-2017-6874: kernel-source: Race condition in kernel/ucount.c
VUL-0: CVE-2017-6874: kernel-source: Race condition in kernel/ucount.c
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: unspecified
Assigned To: E-mail List
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-03-14 11:23 UTC by Mikhail Kasimov
Modified: 2021-08-25 13:11 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2017-03-14 11:23:02 UTC
Ref: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6874
Vulnerability Summary for CVE-2017-6874
Original release date: 03/14/2017
Last revised: 03/14/2017

This vulnerability has been received by the NVD and has not been analyzed.

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.
References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM
Name: https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88
Hyperlink: https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88

External Source: CONFIRM
Name: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
Hyperlink: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
Comment 2 Neil Brown 2017-03-19 23:36:42 UTC
This bug was introduced in Linux 4.9 and fixed in 4.11-rc2
So only 4.9 and 4.10 are vulnerable.
Fix was tagged for -stable, so they won't be vulnerable for long.

'master' is already at 4.11-rc2, so it has the fix.
'stable' is at 4.10.4 which includes the fix.
No other SUSE/SLES kernels are newer than 4.4, and the commit which introduced
that bug hasn't been backported to any of them.

So: nothing to do here.