Bug 905739

Summary: VUL-0: kernel: ttusb-dec: buffer overflow in ioctl
Product: [openSUSE] openSUSE Distribution Reporter: Oliver Neukum <oneukum>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: jsegitz, oneukum
Version: 13.2   
Target Milestone: ---   
Hardware: x86-64   
OS: SLED 12   
Whiteboard: CVSSv2:NVD:CVE-2014-8884:6.1:(AV:L/AC:L/Au:N/C:P/I:P/A:C) CVSSv2:RedHat:CVE-2014-8884:6.0:(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 904876, 905744, 905748, 905764    
Bug Blocks: 905522    

Description Oliver Neukum 2014-11-17 12:59:57 UTC 
+++ This bug was initially created as a clone of Bug #904876 +++

This is from upstream. This buffer can be overflown from an ioctl. The fix is available upstream. It has not gone into stable.

commit f2e323ec96077642d397bb1c355def536d489d16
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Fri Sep 5 09:09:28 2014 -0300

    [media] ttusb-dec: buffer overflow in ioctl
    
    We need to add a limit check here so we don't overflow the buffer.

The current SLE12 kernel does not have the fix. It can be triggered only if you have the hardware.
Comment 1 Oliver Neukum 2014-11-17 15:47:16 UTC 
Fix added to tree
Comment 2 Swamp Workflow Management 2014-11-17 23:00:34 UTC 
bugbot adjusting priority
Comment 5 Swamp Workflow Management 2014-12-21 12:17:11 UTC 
openSUSE-SU-2014:1678-1: An update that solves 8 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 665315,856659,897112,897736,900786,902346,902349,902351,902632,902633,902728,903748,903986,904013,904097,904289,904417,904539,904717,904932,905068,905100,905329,905739,906914,907818,908163,908253,909077,910251
CVE References: CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-9090,CVE-2014-9322
Sources used:
openSUSE 13.2 (src):    kernel-docs-3.16.7-7.2, kernel-obs-build-3.16.7-7.3, kernel-obs-qa-3.16.7-7.2, kernel-obs-qa-xen-3.16.7-7.2, kernel-source-3.16.7-7.1, kernel-syms-3.16.7-7.1