Bug 1136588 - (CVE-2019-12378) VUL-1: CVE-2019-12378: kernel-source: An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of servi
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/233864/
CVSSv3:SUSE:CVE-2019-12378:4.0:(AV:L/...
Reported: 2019-05-28 12:36 UTC by Marcus Meissner
Modified: 2019-07-01 14:38 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2019-05-28 12:36:12 UTC
CVE-2019-12378

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the
Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might
allow an attacker to cause a denial of service (NULL pointer dereference and
system crash).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12378
https://lkml.org/lkml/2019/5/25/229
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825
Comment 1 Takashi Iwai 2019-05-28 12:57:45 UTC
Another trivial NULL-check bug.  Not sure whether it deserves handling as a "security bug", though.
Comment 2 Jiri Slaby 2019-07-01 08:44:43 UTC
Well, it's not a bug IMO at all. The memory allocation failure is handled below by:
        if (!new_ra) {
                write_unlock_bh(&ip6_ra_lock);
                return -ENOBUFS;
        }
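The allocate-first, check-later pattern that comment 2 points to, as an added example that is not the kernel's code and not part of the original comment: a userspace model with fault injection showing that a failed allocation reaches the `-ENOBUFS` return before any dereference. Only the `if (!new_ra)` check comes from the page; the struct, the function names (`ra_control`, `model_alloc`), the `-EADDRINUSE` path and the elided locking are assumptions of this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace model: names are illustrative, locking is elided. */
struct ra_entry { struct ra_entry *next; int owner; int sel; };

static struct ra_entry *ra_chain;
static int fail_next_alloc;   /* fault injection: next allocation returns NULL */

static void *model_alloc(size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

/* sel >= 0 registers owner; sel < 0 unregisters it. */
int ra_control(int owner, int sel)
{
    struct ra_entry *ra, *new_ra, **rap;

    /* Allocated up front, so new_ra may legitimately be NULL from here on. */
    new_ra = (sel >= 0) ? model_alloc(sizeof(*new_ra)) : NULL;

    for (rap = &ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
        if (ra->owner != owner)
            continue;
        if (sel >= 0) {
            free(new_ra);     /* free(NULL) is a no-op, as is kfree(NULL) */
            return -EADDRINUSE;
        }
        *rap = ra->next;      /* unregister */
        free(ra);
        return 0;
    }
    if (!new_ra)              /* the check quoted in comment 2 */
        return -ENOBUFS;
    new_ra->owner = owner;    /* first dereference: only reached when non-NULL */
    new_ra->sel = sel;
    new_ra->next = NULL;
    *rap = new_ra;            /* rap points at the tail link after the loop */
    return 0;
}

int main(void)
{
    fail_next_alloc = 1;      /* simulate kmalloc() returning NULL */
    printf("register under allocation failure: %d\n", ra_control(1, 0));
    return 0;
}
```

When triaging a "missing allocation check" report, the useful question is whether any dereference of the pointer is reachable before the first NULL test, not whether the test sits directly after the allocation.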
Comment 3 Jiri Slaby 2019-07-01 09:06:19 UTC
And let's let the security team handle this.

The upstream complaint:
https://lore.kernel.org/lkml/1b5f82ae-31a7-db36-dc9d-efc46cda2af3@suse.cz/
Comment 4 Jiri Slaby 2019-07-01 09:14:13 UTC
This CVE is disputed on the mitre site.
"NOTE: This has been disputed as not an issue."
Comment 5 Michal Kubeček 2019-07-01 09:19:26 UTC
Yes, it's the same case as bsc#1136593. And I think I've seen someone saying
that the same guy created some more "missing allocation failure check" CVEs
in other areas which were also bogus because the NULL pointer dereference wasn't
actually possible.
Comment 6 Marcus Meissner 2019-07-01 09:25:19 UTC
Yeah, most of his created CVEs have been disputed.