Bug 1192345 - (CVE-2021-3736) VUL-0: CVE-2021-3736: kernel-source-rt,kernel-source,kernel-source-azure: uninitialized kernel stack may lead to information disclosure
Status: RESOLVED WONTFIX
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware / OS: Other / Other
Priority: P3 - Medium
Severity: Minor
Target Milestone: ---
Assigned To: Kernel Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/314138/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-3736:3.3:(AV:L...
Depends on:
Blocks:

Reported: 2021-11-04 13:14 UTC by Gianluca Gabrielli
Modified: 2021-12-03 09:09 UTC
CC: 3 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Gianluca Gabrielli 2021-11-04 13:14:28 UTC
A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1995570
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3736
Comment 1 Gianluca Gabrielli 2021-11-04 13:16:28 UTC
Technical details are not yet made public, I will monitor it and post updates as soon as possible.
Comment 2 Gianluca Gabrielli 2021-11-09 10:57:41 UTC
I think the fixing commit should be de5494af4815a4c9328536c72741229b7de88e7f, which in turn addresses 681c1615f8914451cfd432ad30e2f307b6490542.

If my assumption is correct, the branches containing the offending commit are:
 - SLE15-SP4
 - stable

which also contain the fixing commit.

@kernel-team: can you also provide your feedback here?

Thanks
Comment 3 Takashi Iwai 2021-11-09 11:04:02 UTC
Too little information to judge, but that's the only change seen in the relevant code path, and the description matches with it, so it's very likely the case.
Comment 4 Gianluca Gabrielli 2021-11-30 13:27:18 UTC
(In reply to Takashi Iwai from comment #3)
> Too little information to judge, but that's the only change seen in the
> relevant code path, and the description matches with it, so it's very likely
> the case.

From RH [0] they agree about the fixing commit.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1995570#c7
Comment 5 Borislav Petkov 2021-12-03 08:51:38 UTC
Wait a minute - this is a fix for code in samples/ which is toy stuff and we have in the three latest branches I checked

# CONFIG_SAMPLES is not set

so why do we even bother with this?
Comment 6 Gianluca Gabrielli 2021-12-03 09:09:06 UTC
(In reply to Borislav Petkov from comment #5)
> Wait a minute - this is a fix for code in samples/ which is toy stuff and we
> have in the three latest branches I checked
> 
> # CONFIG_SAMPLES is not set
> 
> so why do we even bother with this?

You are right, CONFIG_SAMPLES is not set in both the SLES and openSUSE configs. I agree with you and we can close this issue as WONTFIX. Thanks for your feedback.
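The decisive point in comments 5 and 6 is a kernel configuration question: samples/vfio-mdev/mbochs.c is only built when CONFIG_SAMPLES (and the sample's own option) is enabled, so a kernel whose config says "# CONFIG_SAMPLES is not set" never ships the affected code. The following script is an added example, not part of this bug report or of the SUSE kernel packages; it reproduces that check against an arbitrary kernel config file and, where available, against the running kernel. The config locations /boot/config-$(uname -r) and /proc/config.gz are assumptions (they are the usual places, but distributions differ), and the config content at the bottom is a constructed sample for demonstration.

```shell
#!/bin/sh
# Added example (not from the bug report): report the state of one kernel
# config option, the same check Borislav Petkov applied to CONFIG_SAMPLES.
#
# Usage: kconfig_state <config-file> <CONFIG_OPTION>
# Prints one of: n (explicitly disabled), y or m (built in / module),
# the literal value for string/int options, or "absent" when the option
# does not appear in the file at all (e.g. not offered by that kernel).
kconfig_state() {
    cfg="$1"
    opt="$2"
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    # Kconfig records a disabled bool/tristate as a comment line.
    if grep -q "^# ${opt} is not set\$" "$cfg"; then
        echo n
        return 0
    fi
    # Enabled or valued options look like CONFIG_FOO=y, =m, ="str", =0x10.
    line=$(grep "^${opt}=" "$cfg" | head -n 1)
    if [ -n "$line" ]; then
        echo "${line#*=}"
        return 0
    fi
    echo absent
    return 0
}

# Locate the running kernel's config (assumed locations; may not exist
# inside containers or on kernels built without CONFIG_IKCONFIG_PROC).
running_kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        tmp=$(mktemp) && zcat /proc/config.gz > "$tmp" && echo "$tmp"
    else
        return 1
    fi
}

# Constructed sample config, modelled on the situation in comment 5:
# VFIO mdev support present, samples disabled.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_VFIO=m
CONFIG_VFIO_MDEV=m
# CONFIG_SAMPLES is not set
CONFIG_LOCALVERSION="-default"
EOF

echo "CONFIG_SAMPLES (constructed sample config): $(kconfig_state "$SAMPLE_CFG" CONFIG_SAMPLES)"
if cfg=$(running_kernel_config); then
    echo "CONFIG_SAMPLES (running kernel, $cfg): $(kconfig_state "$cfg" CONFIG_SAMPLES)"
fi
```

An answer of "n" or "absent" for CONFIG_SAMPLES means the mbochs sample cannot have been built for that kernel, which is the reasoning behind the WONTFIX here; "y" or "m" would mean the sample tree was enabled and the per-sample option (not named in this report) would have to be checked next.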