Bug 896779 (CVE-2012-6657) - VUL-0: CVE-2012-6657: kernel: net: guard tcp_set_keepalive against crash
Status: RESOLVED FIXED
Alias: CVE-2012-6657
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Deadline: 2014-11-14
Assignee: E-mail List
QA Contact: Security Team bot
Whiteboard: maint:released:sle10-sp3:59071 main...
 
Reported: 2014-09-15 21:16 UTC by Marcus Meissner
Modified: 2015-04-30 19:15 UTC

Description Marcus Meissner 2014-09-15 21:16:36 UTC
public via oss-sec

Hello,

Linux kernel built with the networking support (CONFIG_NET) is vulnerable to a
crash while resetting a socket timer. It could occur while doing a
setsockopt(SO_KEEPALIVE) call.

A privileged user/process able to create a RAW socket could use this flaw to
crash the system kernel, resulting in DoS.

Upstream fix:
-------------
   -> https://git.kernel.org/linus/3e10986d1d698140747fcfc2761ec9cb64c1d582

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1141742
Comment 1 Swamp Workflow Management 2014-09-15 22:00:33 UTC
bugbot adjusting priority
Comment 2 SMASH SMASH 2014-09-16 12:50:10 UTC
Affected packages:

SLE-10-SP3-TERADATA: kernel-source
SLE-11-SP1-TERADATA: kernel-source
SLE-11-SP3: kernel-source
SLE-11-SP3-PRODUCTS: kernel-source
SLE-11-SP3-UPTU: kernel-source
Comment 3 Michal Hocko 2014-09-22 10:08:58 UTC
IIUC the issue is that inet_csk_reset_keepalive_timer(sk, keepalive_time_when(tcp_sk(sk))) in tcp_set_keepalive will blow up if this is not a TCP stream socket.

Fix pushed to SLES10-SP3-TD and SLE11-SP1-TD.
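
An added example, not part of the bug report or the kernel source: a userspace C model of the guard comment 3 describes, where SO_KEEPALIVE reaches the TCP keepalive code only for a TCP stream socket. The `model_sock` struct, the function names, the `keepalive_ready` flag and the protocol-only guard used for contrast are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <netinet/in.h>   /* IPPROTO_TCP, IPPROTO_UDP */
#include <sys/socket.h>   /* SOCK_STREAM, SOCK_RAW, SOCK_DGRAM */

/* Hypothetical stand-in for the kernel's socket object (not kernel code). */
struct model_sock {
    int  type;            /* SOCK_STREAM, SOCK_RAW, ... */
    int  protocol;        /* IPPROTO_TCP, ... */
    bool keepalive_ready; /* assumption: only TCP stream sockets set up this state */
    bool keepalive_on;
};

enum ka_result { KA_SKIPPED, KA_ARMED, KA_WOULD_CRASH };

/* Models tcp_set_keepalive(): only valid on a socket that has TCP state. */
static enum ka_result model_tcp_set_keepalive(struct model_sock *sk, bool on)
{
    if (!sk->keepalive_ready)
        return KA_WOULD_CRASH;   /* keepalive timer touched on a non-TCP-stream socket */
    sk->keepalive_on = on;
    return KA_ARMED;
}

/* Assumed weaker guard, for contrast: looks at the protocol number only. */
static enum ka_result so_keepalive_proto_only(struct model_sock *sk, bool on)
{
    return sk->protocol == IPPROTO_TCP ? model_tcp_set_keepalive(sk, on) : KA_SKIPPED;
}

/* Guard matching comment 3: the socket must be TCP and a stream socket. */
static enum ka_result so_keepalive_guarded(struct model_sock *sk, bool on)
{
    bool tcp_stream = sk->protocol == IPPROTO_TCP && sk->type == SOCK_STREAM;
    return tcp_stream ? model_tcp_set_keepalive(sk, on) : KA_SKIPPED;
}

static struct model_sock make_sock(int type, int protocol)
{
    struct model_sock sk = { type, protocol,
                             type == SOCK_STREAM && protocol == IPPROTO_TCP, false };
    return sk;
}

int main(void)
{
    struct model_sock raw = make_sock(SOCK_RAW, IPPROTO_TCP);  /* constructed case */
    printf("proto-only: %d, guarded: %d\n",
           so_keepalive_proto_only(&raw, true), so_keepalive_guarded(&raw, true));
    return 0;
}
```
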
Comment 5 Swamp Workflow Management 2014-09-25 09:08:54 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-10-02.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59070
Comment 7 Swamp Workflow Management 2014-11-07 10:47:43 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-11-14.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59589
Comment 8 Michal Marek 2014-11-07 14:18:41 UTC
This has been fixed via stable (v3.0.46) in SLE11-SP2 / SLE11-SP3. SLE12 is also fixed. Any other branches to worry about or can we close this?
Comment 9 Marcus Meissner 2014-11-07 15:37:14 UTC
The fix, going by age, should also be in the openSUSE releases already, so we can close.
Comment 10 Swamp Workflow Management 2015-04-02 00:09:09 UTC
SUSE-SU-2015:0652-1: An update that solves 17 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 771619,833820,846404,857643,875051,885077,891211,892235,896390,896391,896779,899338,902346,902349,902351,904700,905100,905312,907822,908870,911325,912654,912705,912916,913059,915335,915826
CVE References: CVE-2010-5313,CVE-2012-6657,CVE-2013-4299,CVE-2013-7263,CVE-2014-0181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-7841,CVE-2014-7842,CVE-2014-8160,CVE-2014-8709,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    kernel-default-2.6.32.59-0.19.1, kernel-ec2-2.6.32.59-0.19.1, kernel-pae-2.6.32.59-0.19.1, kernel-source-2.6.32.59-0.19.1, kernel-syms-2.6.32.59-0.19.1, kernel-trace-2.6.32.59-0.19.1, kernel-xen-2.6.32.59-0.19.1, xen-4.0.3_21548_18-0.9.17
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.19.1, kernel-pae-2.6.32.59-0.19.1, kernel-xen-2.6.32.59-0.19.1
Comment 11 Swamp Workflow Management 2015-04-30 19:15:01 UTC
SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available.

Category: security (important)
Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325
CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1