Bug 1184205 - (CVE-2021-29649) VUL-0: CVE-2021-29649: kernel-source-rt,kernel-source-azure,kernel-source: user mode driver (UMD) has a copy_process() memory leak
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/280757/

Reported: 2021-03-31 09:06 UTC by Robert Frohl
Modified: 2022-06-09 08:43 UTC (History)

Found By: Security Response Team
Description Robert Frohl 2021-03-31 09:06:41 UTC
CVE-2021-29649

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver
(UMD) has a copy_process() memory leak, related to a lack of cleanup steps in
kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka
CID-f60a85cad677.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29649
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
Comment 1 Gary Ching-Pang Lin 2021-03-31 09:37:09 UTC
The target, d71fa5c9763c, wasn't backported to SLE15-SP3, so the SLE kernel is probably not affected.
Comment 2 Robert Frohl 2021-03-31 10:03:33 UTC
f60a85cad677:
> Fixes: d71fa5c9763c ("bpf: Add kernel module with user mode driver that populates bpffs.")

Only seems to affect v5.10 and newer

(In reply to Gary Ching-Pang Lin from comment #1)
> The target, d71fa5c9763c, wasn't backported to SLE15-SP3, so the SLE kernel
> is probably not affected.

Sorry, got distracted and was too slow to answer :)

I agree, only seems to affect v5.10 and newer
Comment 3 Robert Frohl 2021-03-31 10:04:22 UTC
(In reply to Robert Frohl from comment #2)
> I agree, only seems to affect v5.10 and newer

updated tracking to reflect this
Comment 5 Gary Ching-Pang Lin 2021-04-06 03:16:49 UTC
The stable tree has been upgraded to 5.11.11, which contains the fix.
On the other hand, the fix has been in mainline since 5.12-rc5. Master was recently upgraded to v5.12-rc6, so both the stable and master trees have the fix now.
Comment 7 Carlos López 2022-06-09 08:43:06 UTC
Done, closing.