Bug 815256 (CVE-2013-3301) - VUL-1: kernel: CVE-2013-3301: ftrace tracing NULL pointer dereference
Summary: VUL-1: kernel: CVE-2013-3301: ftrace tracing NULL pointer dereference
Status: RESOLVED FIXED
Alias: CVE-2013-3301
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp3:54208 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-15 13:26 UTC by Sebastian Krahmer
Modified: 2015-02-19 03:32 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2013-04-15 13:26:10 UTC 
Do we have this enabled by default? I think not.

Via OSS-sec:

Date: Mon, 15 Apr 2013
From: P J P

  Hi,

Linux kernels built with Function Tracers and Stack Trackers are vulnerable
to a NULL pointer dereference flaw. It occurs while writing to
`set_ftrace_pid' and `set_graph_function' files used by the kernel tracers.

A privileged user/program could use this flaw to crash the kernel,
resulting in DoS.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d

Reference:
----------
 -> https://bugzilla.redhat.com/show_bug.cgi?id=952197

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B
Comment 1 Swamp Workflow Management 2013-04-15 22:00:26 UTC 
bugbot adjusting priority
Comment 2 Michal Hocko 2013-04-25 13:28:21 UTC 
Hmm, I do not see any of the changed fops to have seq_lseek in SLE11-SP1 so I guess this doesn't affect it. Only ftrace_avail_fops and ftrace_failures_fops use seq_lseek but those use the same in upstream as well. I have no idea what the code does though.
Comment 3 Sebastian Krahmer 2013-04-29 06:15:45 UTC 
CVE-2013-3301
Comment 4 Marcus Meissner 2013-07-18 14:13:15 UTC 
SUSE Linux Enterprise 10 does not include function tracing, so is not affected by this problem.
Comment 5 Marcus Meissner 2013-07-25 10:11:11 UTC 
(We have ftrace enabled by default.)

The fix is already in patches.kernel.org/patch-3.0.81-82

so it is fixed for SLE11 SP3 already and soon for SP2.


- openSUSE is still missing.
Comment 6 Jeff Mahoney 2013-08-01 16:07:45 UTC 
Applied to openSUSE 12.2 via 3.4.49
Applied to openSUSE 12.3.
Applied to upstream in 3.9 so newer releases are unaffected.
Comment 7 Marcus Meissner 2013-09-20 14:46:59 UTC 
We have just released a kernel update for SUSE Linux Enterprise 11 SP3 that mentions/fixes this bug. The released version is 3.0.93-0.8.2.
Comment 8 Swamp Workflow Management 2013-09-20 16:51:26 UTC 
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ia64)
SLE-HAE 11-SP3 (ia64)
SLE-SERVER 11-SP3 (ia64)
Comment 9 Swamp Workflow Management 2013-09-20 17:04:01 UTC 
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (s390x)
SLE-HAE 11-SP3 (s390x)
SLE-SERVER 11-SP3 (s390x)
Comment 10 Swamp Workflow Management 2013-09-20 17:05:17 UTC 
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ppc64)
SLE-HAE 11-SP3 (ppc64)
SLE-SERVER 11-SP3 (ppc64)
Comment 11 Swamp Workflow Management 2013-09-20 17:24:29 UTC 
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)
Comment 12 Swamp Workflow Management 2013-09-20 17:49:16 UTC 
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-devel, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-devel, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (i386)
SLE-DESKTOP 11-SP3 (i386)
SLE-HAE 11-SP3 (i386)
SLE-SERVER 11-SP3 (i386)
SLES4VMWARE 11-SP3 (i386)
Comment 13 Swamp Workflow Management 2013-09-20 22:07:51 UTC 
Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 14 Swamp Workflow Management 2013-09-21 01:06:57 UTC 
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 15 Swamp Workflow Management 2013-09-21 04:10:28 UTC 
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 16 Swamp Workflow Management 2013-09-21 05:10:37 UTC 
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 17 Swamp Workflow Management 2013-09-21 06:11:32 UTC 
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 18 Swamp Workflow Management 2013-10-07 17:03:45 UTC 
Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-RT 11-SP3 (x86_64)
Comment 19 Swamp Workflow Management 2013-12-30 20:10:44 UTC 
openSUSE-SU-2013:1971-1: An update that solves 34 vulnerabilities and has 19 fixes is now available.

Category: security (moderate)
Bug References: 799516,801341,802347,804198,807153,807188,807471,808827,809906,810144,810473,811882,812116,813733,813889,814211,814336,814510,815256,815320,816668,816708,817651,818053,818561,821612,821735,822575,822579,823267,823342,823517,823633,823797,824171,824295,826102,826350,826374,827749,827750,828119,828191,828714,829539,831058,831956,832615,833321,833585,834647,837258,838346
CVE References: CVE-2013-0914,CVE-2013-1059,CVE-2013-1819,CVE-2013-1929,CVE-2013-1979,CVE-2013-2141,CVE-2013-2148,CVE-2013-2164,CVE-2013-2206,CVE-2013-2232,CVE-2013-2234,CVE-2013-2237,CVE-2013-2546,CVE-2013-2547,CVE-2013-2548,CVE-2013-2634,CVE-2013-2635,CVE-2013-2851,CVE-2013-2852,CVE-2013-3222,CVE-2013-3223,CVE-2013-3224,CVE-2013-3226,CVE-2013-3227,CVE-2013-3228,CVE-2013-3229,CVE-2013-3230,CVE-2013-3231,CVE-2013-3232,CVE-2013-3233,CVE-2013-3234,CVE-2013-3235,CVE-2013-3301,CVE-2013-4162
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.24.1, kernel-source-3.7.10-1.24.1, kernel-syms-3.7.10-1.24.1