Bugzilla – Bug 1190606
VUL-0: CVE-2021-3802: udisks2: udisks2: insecure defaults in user-accessible mount helpers allow for a DoS
Last modified: 2022-09-22 09:34:26 UTC
Several user-accessible mount helpers use insecure defaults which allow ext2/3/4 file systems to cause a denial of service (kernel panic) upon mounting a crafted image. This is especially relevant when mounts can be caused by unprivileged users or are configured to happen automatically and completely unauthorized.

External Reference:
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2003649
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3802
No details as of 2021-09-17
Details are now public [0]. Upstream fix [1] can only be applied to the 2.9.x branch, but it seems that older versions are also affected, as using the reproducer in SLE12 and SLE15 VMs hangs the system.

Tracking as affected:
- SUSE:SLE-12:Update udisks2 2.1.3
- SUSE:SLE-15-SP2:Update udisks2 2.8.1
- SUSE:SLE-15:Update udisks2 2.6.5
- openSUSE:Factory udisks2 2.9.2

[0] https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
[1] https://github.com/storaged-project/udisks/commit/93f440c8409eec28739efb1598874543267b8d1e
SUSE:SLE-15-SP4:Update is also affected.
(In reply to Thomas Leroy from comment #5)
> SUSE:SLE-15-SP4:Update is also affected.

Thanks for the hint, I've submitted to 15SP4.
SUSE-SU-2022:1919-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1190606
CVE References: CVE-2021-3802
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): udisks2-2.9.2-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): udisks2-2.9.2-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Updates are released, reassigning to the security team to wrap it up.
I think this is still missing in:
SUSE:SLE-12:Update
SUSE:SLE-15:Update
SUSE:SLE-15-SP2:Update

Could you have a look and submit there?
(In reply to Hu from comment #10)
> I think this is still missing in:
> SUSE:SLE-12:Update
> SUSE:SLE-15:Update
> SUSE:SLE-15-SP2:Update
>
> Could you have a look and submit there?

According to https://www.suse.com/lifecycle, these versions are out of general support. That means only critical security issues will be fixed. According to https://www.suse.com/support/kb/doc/?id=000018318, a denial of service attack is a moderate security issue.

The config file parser for the upstream patch was introduced with udisks-2.9.0. Older versions don't have default mount options for ext2/3/4 at all. Therefore, unexpected side effects of a backport are very possible. Furthermore, introducing that now into the old versions will change the behaviour and the user experience.

I can try the backport to SLE15SP3, which is still under general support, but for the older SLE versions I deem it not feasible. Gabriele, do you agree?
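The comments above discuss whether the fixed default mount options for ext2/3/4 can be backported to branches that have no default-mount-option machinery at all. For administrators of such branches, the practical pre-mount check is to look at the error policy recorded in the image's own superblock, since without an explicit errors= mount option the kernel honours whatever the superblock says. The following is an editor-added example, not code from this bug, from udisks or from the SySS advisory; it parses the s_magic and s_errors fields of the ext superblock (offsets 0x38 and 0x3C within the 1024-byte superblock that starts at byte 1024 of the image, per the ext4 on-disk format) and reports the policy that would take effect for a given mount option string. The sample image is a constructed 2 KiB blob containing only those two fields, so it is not a mountable filesystem.

```python
import struct
from typing import Optional

# ext2/3/4 superblock: 1024 bytes starting at byte offset 1024 of the image.
SUPERBLOCK_OFFSET = 1024
SUPERBLOCK_SIZE = 1024
EXT_MAGIC = 0xEF53  # s_magic, little-endian u16 at superblock offset 0x38

# s_errors (u16 at superblock offset 0x3C): what the kernel does on a fs error
# when no errors= mount option overrides it. 0 means "not set"; the kernel
# then falls back to "continue".
ERRORS_CONTINUE = 1
ERRORS_REMOUNT_RO = 2
ERRORS_PANIC = 3
ERROR_POLICY_NAMES = {
    0: "continue",
    ERRORS_CONTINUE: "continue",
    ERRORS_REMOUNT_RO: "remount-ro",
    ERRORS_PANIC: "panic",
}


def read_error_policy(image: bytes) -> Optional[str]:
    """Return the on-disk error policy of an ext2/3/4 image, or None if it is not ext."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + SUPERBLOCK_SIZE]
    if len(sb) < SUPERBLOCK_SIZE:
        return None
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT_MAGIC:
        return None
    (errors,) = struct.unpack_from("<H", sb, 0x3C)
    return ERROR_POLICY_NAMES.get(errors, f"unknown({errors})")


def effective_error_policy(image: bytes, mount_options: str) -> Optional[str]:
    """Policy the kernel would apply: an explicit errors= mount option wins over the superblock."""
    on_disk = read_error_policy(image)
    if on_disk is None:
        return None
    for opt in mount_options.split(","):
        if opt.startswith("errors="):
            return opt[len("errors="):]
    return on_disk


def mount_is_safe(image: bytes, mount_options: str) -> bool:
    """True unless the effective policy is 'panic', i.e. a crafted fs error would take the host down."""
    return effective_error_policy(image, mount_options) != "panic"


def make_superblock_image(errors_value: int) -> bytes:
    """Constructed sample: a minimal 2 KiB blob carrying only s_magic and s_errors (not mountable)."""
    sb = bytearray(SUPERBLOCK_SIZE)
    struct.pack_into("<H", sb, 0x38, EXT_MAGIC)
    struct.pack_into("<H", sb, 0x3C, errors_value)
    return bytes(SUPERBLOCK_OFFSET) + bytes(sb)


if __name__ == "__main__":
    sample = make_superblock_image(ERRORS_PANIC)
    # Mount helper with no ext defaults (pre-2.9.0 behaviour described above): superblock policy applies.
    print("defaults only :", effective_error_policy(sample, "rw,nosuid,nodev"))
    # Mount helper that adds errors=remount-ro as a default: superblock policy is overridden.
    print("with override :", effective_error_policy(sample, "rw,nosuid,nodev,errors=remount-ro"))
```

On a real device or image file the same field is what `dumpe2fs -h` prints as "Errors behavior"; read_error_policy() can be fed the first 2 KiB of the device via a plain open()/read() before any automatic mount is allowed to proceed.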
SUSE-SU-2022:3154-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1098797,1190606
CVE References: CVE-2021-3802
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): udisks2-2.8.1-150200.3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): udisks2-2.8.1-150200.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3160-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1098797,1190606
CVE References: CVE-2021-3802
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): udisks2-2.1.3-3.8.1
SUSE OpenStack Cloud 9 (src): udisks2-2.1.3-3.8.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): udisks2-2.1.3-3.8.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): udisks2-2.1.3-3.8.1
SUSE Linux Enterprise Server 12-SP5 (src): udisks2-2.1.3-3.8.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): udisks2-2.1.3-3.8.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): udisks2-2.1.3-3.8.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): udisks2-2.1.3-3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Released, closing.