Bugzilla – Bug 778460
VUL-1: CVE-2012-3552: kernel: net: slab corruption due to improper synchronization around inet->opt
Last modified: 2016-03-18 15:36:51 UTC
Via OSS-sec:

Description of the problem:
Lack of proper synchronization to manipulate inet->opt ip_options can lead to system crash. Problem is that ip_make_skb() calls ip_setup_cork() and ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options), without any protection against another thread manipulating inet->opt. Another thread can change inet->opt pointer and free old one under us.

Given the right server application (setting socket options and processing traffic over the same socket at the same time), a remote attacker could use this flaw to crash the system. More likely though, a local unprivileged user could use this flaw to crash the system.

Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6d8bd051c391c1c0458a30b2a7abcd939329259

Thanks,
-- Petr Matousek / Red Hat Security Response Team
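The synchronization requirement described in the report, as an added userspace illustration (not code from the report, the kernel, or the upstream fix): the reader copies the options by value while the pointer cannot be swapped, and the writer frees the old block only after publishing the new one. The names `sock_model`, `set_opts` and `cork_copy_opts` are hypothetical, and the mutex is an assumed stand-in for whatever protection the kernel fix uses.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model with hypothetical names; not kernel code. */
struct opts { size_t len; unsigned char data[40]; };  /* models struct ip_options */
struct sock_model {
    pthread_mutex_t lock;  /* assumed stand-in for the synchronization the fix adds */
    struct opts *opt;      /* models inet->opt */
};

/* Writer (models setting socket options): publish the new block, then free the old. */
static int set_opts(struct sock_model *sk, const unsigned char *buf, size_t len)
{
    struct opts *n = NULL, *old;
    if (len > sizeof(n->data)) return -1;          /* reject oversized options */
    if (len) {
        if (!(n = calloc(1, sizeof(*n)))) return -1;
        n->len = len;
        memcpy(n->data, buf, len);
    }
    pthread_mutex_lock(&sk->lock);
    old = sk->opt;                                 /* swap the pointer under the lock */
    sk->opt = n;
    pthread_mutex_unlock(&sk->lock);
    free(old);  /* safe: readers dereference sk->opt only while holding the lock */
    return 0;
}

/* Reader (models the copy made in ip_setup_cork): snapshot by value under the lock. */
static int cork_copy_opts(struct sock_model *sk, struct opts *cork)
{
    int have = 0;
    pthread_mutex_lock(&sk->lock);
    if (sk->opt) { *cork = *sk->opt; have = 1; }   /* pointer cannot change or be freed here */
    pthread_mutex_unlock(&sk->lock);
    return have;
}

int main(void)
{
    struct sock_model sk = { PTHREAD_MUTEX_INITIALIZER, NULL };
    struct opts cork;
    set_opts(&sk, (const unsigned char *)"\x01\x01\x01\x00", 4);  /* constructed sample bytes */
    int have = cork_copy_opts(&sk, &cork);
    set_opts(&sk, NULL, 0);                        /* old block is freed; cork keeps its copy */
    printf("have=%d len=%zu first=%u\n", have, cork.len, (unsigned)cork.data[0]);
    return 0;
}
```

In the flawed pattern the report describes, the reader's dereference and copy happen with nothing preventing the writer's swap and free from running in between.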
CVE-2012-3552
bugbot adjusting priority
Any evaluation here? What versions does this affect?
Only SUSE Linux Enterprise 10 codebase is affected, newer versions are not. Was fixed around 2.6.39 timeframe, so does not affect 3.0 and newer kernels.
(and SLE11 SP1 with 2.6.32 likely)
The fix breaks the KABI. Teradata kernels are the only kernels that require this fix.

Does Teradata prefer
1) not having this fixed at all
2) having this fixed at the expense of breaking the KABI?

As Petr says, the risk is low (local DoS).
(In reply to Jiri Bohac from comment #13)
> The fix breaks the KABI. Teradata kernels are the only kernels that require
> this fix.
>
> Does Teradata prefer
> 1) not having this fixed at all
> 2) having this fixed at the expense of breaking the KABI?
>
> As Petr says, the risk is low (local DoS).

ping Roberto
(In reply to Michal Hocko from comment #14)
> (In reply to Jiri Bohac from comment #13)
> > The fix breaks the KABI. Teradata kernels are the only kernels that require
> > this fix.
> >
> > Does Teradata prefer
> > 1) not having this fixed at all
> > 2) having this fixed at the expense of breaking the KABI?
> >
> > As Petr says, the risk is low (local DoS).
>
> ping Roberto

Michal,
Yes. Teradata would like this in TD kernel(s).
(In reply to Roberto Angelino from comment #15)
> (In reply to Michal Hocko from comment #14)
> > (In reply to Jiri Bohac from comment #13)
> > > The fix breaks the KABI. Teradata kernels are the only kernels that require
> > > this fix.
> > >
> > > Does Teradata prefer
> > > 1) not having this fixed at all
> > > 2) having this fixed at the expense of breaking the KABI?
> > >
> > > As Petr says, the risk is low (local DoS).
> >
> > ping Roberto
>
> Michal,
> Yes. Teradata would like this in TD kernel(s).

Jiri, could you take care of this please?
Michal: the patch is in the v2.6.32.61 stable kernel, which applies cleanly to the SLE11-SP1-TD branch. I pushed a kernel with this patch to users/jbohac/SLE11-SP1-TD/for-next. As discussed earlier, the fix breaks the KABI, so it needs to be refreshed. Do Teradata want this also in SLES10-SP3-TD? (2.6.32.y is the oldest -stable branch containing the fix, we would have to backport it to 2.6.16)
(In reply to Jiri Bohac from comment #18)
> Michal: the patch is in the v2.6.32.61 stable kernel, which applies cleanly
> to the SLE11-SP1-TD branch. I pushed a kernel with this patch to
> users/jbohac/SLE11-SP1-TD/for-next. As discussed earlier, the fix breaks the
> KABI, so it needs to be refreshed.

Pulled, thanks! I have updated kabi metadata as well.
Done, I think.