922447 – (CVE-2011-5321) VUL-1: CVE-2011-5321: kernel: tty: kobject reference leakage in tty_open

Bug 922447 (CVE-2011-5321) - VUL-1: CVE-2011-5321: kernel: tty: kobject reference leakage in tty_open

Summary: VUL-1: CVE-2011-5321: kernel: tty: kobject reference leakage in tty_open

Status:	RESOLVED FIXED

Alias:	CVE-2011-5321

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Deadline:	2015-04-01
Assignee:	E-mail List
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp1:61314 CVSSv2...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-03-16 06:53 UTC by Marcus Meissner
Modified:	2017-09-20 14:38 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-03-16 06:53:55 UTC

public, via git and oss-sec

Hello,

Linux kernel built with the virtual console support(CONFIG_VT) is vulnerable
to a NULL pointer dereference issue. It could occur while accessing pseudo
terminal device(/dev/pts/*) files.

An unprivileged user could use this flaw to crash the system kernel resulting
in DoS.

Upstream fix:
- -------------
   -> https://git.kernel.org/linus/c290f8358acaeffd8e0c551ddcc24d1206143376


Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team

Comment 1 Marcus Meissner 2015-03-16 06:55:04 UTC

introduced in 2.6.28, fixed in 3.1

so SLE11 SP2/SP3 might be affected.

Comment 2 Marcus Meissner 2015-03-16 06:58:01 UTC

The fix is in patches.kernel.org/patch-3.0.8-9, so it was fixed before shipping
SLES 11 SP2 with the 3.0 kernel.

Comment 3 Michal Hocko 2015-03-16 15:18:12 UTC

pushed to cve/linux-2.6.32 branch.
SLE11-SP1-TD got it from there.
SLE11-SP3-TD already has it from the stable
SLES10* branches do not seem to be affected because they do not have backport of 4a2b5fddd5

Comment 4 Marcus Meissner 2015-03-16 15:21:23 UTC

Ah, forgot the 2.6.32 SLE11 SP1 version.

Comment 5 Swamp Workflow Management 2015-03-16 23:00:12 UTC

bugbot adjusting priority

Comment 7 Swamp Workflow Management 2015-03-25 14:42:27 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-04-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61308