Bug 905764

Summary: VUL-0: kernel: ttusb-dec: buffer overflow in ioctl
Product: [openSUSE] openSUSE 12.3 Reporter: Oliver Neukum <oneukum>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: jsegitz, oneukum
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: SLED 12   
Whiteboard: CVSSv2:NVD:CVE-2014-8884:6.1:(AV:L/AC:L/Au:N/C:P/I:P/A:C) CVSSv2:RedHat:CVE-2014-8884:6.0:(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 904876    
Bug Blocks: 905522, 905739, 905744, 905748    

Description Oliver Neukum 2014-11-17 15:21:29 UTC 
+++ This bug was initially created as a clone of Bug #904876 +++

This is from upstream. This buffer can be overflown from an ioctl. The fix is available upstream. It has not gone into stable.

commit f2e323ec96077642d397bb1c355def536d489d16
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date:   Fri Sep 5 09:09:28 2014 -0300

    [media] ttusb-dec: buffer overflow in ioctl
    
    We need to add a limit check here so we don't overflow the buffer.

The current SLE12 kernel does not have the fix. It can be triggered only if you have the hardware.
Comment 1 Oliver Neukum 2014-11-17 15:48:19 UTC 
Fix added to tree
Comment 2 Swamp Workflow Management 2014-11-17 23:01:13 UTC 
bugbot adjusting priority
Comment 4 Swamp Workflow Management 2014-12-19 18:09:09 UTC 
openSUSE-SU-2014:1669-1: An update that solves 22 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 768714,818561,835839,853040,865882,882639,883518,883724,883948,887082,889173,890624,892490,896382,896385,896390,896391,896392,896689,899785,904013,904700,905100,905764,907818,909077,910251
CVE References: CVE-2013-2889,CVE-2013-2891,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.45.2, kernel-source-3.7.10-1.45.1, kernel-syms-3.7.10-1.45.1