Bug 854173 (CVE-2013-6431) - VUL-1: CVE-2013-6431: kernel: net: fib: fib6_add: potential NULL pointer dereference
Summary: VUL-1: CVE-2013-6431: kernel: net: fib: fib6_add: potential NULL pointer dere...
Status: VERIFIED FIXED
Alias: CVE-2013-6431
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Assignee: E-mail List
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-06 15:49 UTC by Alexander Bergmann
Modified: 2015-02-19 10:30 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2013-12-06 15:49:42 UTC 
Public via oss-security:

P J P <ppandit@...>
2013-12-06 13:46:01 GMT

Linux kernel built with the IPv6 protocol(CONFIG_IPv6) along with the IPv6 
source address based routing support(CONFIG_IPV6_SUBTREE) is vulnerable to a 
NULL pointer dereference flaw. It could occur while doing an ioctl(SIOCADDRT) 
call on an IPv6 socket. User would need to have CAP_NET_ADMIN privileges to 
perform such a call.

A user/program with CAP_NET_ADMIN privileges could use this flaw to crash a
system resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1039054
http://comments.gmane.org/gmane.comp.security.oss.general/11624
Comment 1 Swamp Workflow Management 2013-12-06 23:00:31 UTC 
bugbot adjusting priority
Comment 2 Michal Hocko 2013-12-09 10:07:15 UTC 
AFAIU, this has been introduced by 4a287eba (IPv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag) which has added ERR_PTR(-ENOENT) return value. This is 3.3 material so TD branches are not affected (same applies to SLE* branches in general).
Comment 3 Marcus Meissner 2013-12-10 08:11:28 UTC 
CVE-2013-6431
Comment 4 Borislav Petkov 2014-01-13 15:10:03 UTC 
Ok, you need CAP_NET_ADMIN so I'm not really shaken with fear but
let's apply that trivial fix because it is trivial (talk about trivial
tautology :-)).

SLE12 has it.
oS12.2: doesn't have the buggy commit 188c517a0 which introduced it.
oS12.3: applied.
oS13.1: has it.

Closing.
Comment 5 Bernhard Wiedemann 2014-02-03 22:00:36 UTC 
This is an autogenerated message for OBS integration:
This bug (854173) was mentioned in
https://build.opensuse.org/request/show/220752 12.3 / kernel-source
Comment 6 Swamp Workflow Management 2014-02-06 18:20:46 UTC 
openSUSE-SU-2014:0204-1: An update that solves 16 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 804950,805226,808358,811746,825006,831836,838024,840226,840656,844513,848079,848255,849021,849023,849029,849034,849362,852373,852558,852559,853050,853051,853052,853053,854173,854634,854722,860993
CVE References: CVE-2013-0343,CVE-2013-1792,CVE-2013-4348,CVE-2013-4511,CVE-2013-4513,CVE-2013-4514,CVE-2013-4515,CVE-2013-4587,CVE-2013-6367,CVE-2013-6368,CVE-2013-6376,CVE-2013-6378,CVE-2013-6380,CVE-2013-6431,CVE-2013-7027,CVE-2014-0038
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.28.2, kernel-source-3.7.10-1.28.1, kernel-syms-3.7.10-1.28.1