969354 – (CVE-2012-6701) VUL-0: CVE-2012-6701: kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access

Bug 969354 (CVE-2012-6701) - VUL-0: CVE-2012-6701: kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access

Summary: VUL-0: CVE-2012-6701: kernel: AIO interface didn't use rw_verify_area() for c...

Status:	RESOLVED FIXED

Alias:	CVE-2012-6701

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/162482/
Whiteboard:	CVSSv2:SUSE:CVE-2012-6701:5.8:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-03-03 13:48 UTC by Alexander Bergmann
Modified:	2020-06-11 12:18 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2016-03-03 13:48:39 UTC

rh#1314288

It was found that AIO interface didn't use the proper rw_verify_area() helper function that checks (for example) mandatory locking on the file, and that the size of the access doesn't cause overflow of the provided offset limits.

Upstream patch:

https://git.kernel.org/linus/a70b52ec1aaeaf60f4739edb1b422827cb6f3893

CVE assignment:

http://seclists.org/oss-sec/2016/q1/491

CVE-2012-6701 was assigned to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1314288
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6701
http://seclists.org/oss-sec/2016/q1/491

Comment 1 Swamp Workflow Management 2016-03-03 23:01:19 UTC

bugbot adjusting priority

Comment 3 Goldwyn Rodrigues 2016-03-14 06:44:26 UTC

This is already present in SLES11-SP4 (commit 2ec196c975ffb8076df77f6fa929448717e5141b). For SLE12 kernels, refer bug#969355.

Comment 8 Goldwyn Rodrigues 2016-08-03 18:56:25 UTC

2698377daeb469a9d68021979d2e506922f788da comes from the stable branch. Try the kernel.git (as opposed to kernel-source.git)

Comment 9 Andreas Stieger 2016-08-03 19:00:02 UTC

I think he was in the correct git, but did not have the stable remote.
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

Comment 10 Swamp Workflow Management 2016-08-24 13:13:34 UTC

openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811
CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3

Comment 11 Marcus Meissner 2017-03-01 13:06:20 UTC

its done I think