Bugzilla – Bug 866842
VUL-1: CVE-2014-0102: kernel: keyrings: search_nested_keyrings can crash the system
Last modified: 2014-09-01 13:55:32 UTC
via oss-sec

The problem is that search_nested_keyrings() sees two keyrings that have matching type and description, so keyring_compare_object() returns true. s_n_k() then passes the key to the iterator function - keyring_detect_cycle_iterator() - which *should* check to see whether this is the keyring of interest, not just one with the same name, and this leads to a BUG_ON.

An unprivileged local user could use this flaw to crash the system.

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1072419
https://lkml.org/lkml/2014/2/27/507

Upstream patch:
http://www.kernelhub.org/?msg=425013&p=2

References:
http://comments.gmane.org/gmane.comp.security.oss.general/12279
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
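The matching flaw described in the report above, as an added user-space C model (not kernel code, and not taken from the upstream patch): the search matches keyrings by description, and the flawed iterator assumes any match is the keyring of interest, while the fixed one skips a same-named keyring that is a different object. All type and function names are hypothetical and the keyrings are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* User-space model of the logic in the report; not kernel code.
 * All type and function names below are hypothetical. */
enum { NO_CYCLE, CYCLE, WOULD_BUG };
enum { MAX_LINKS = 4, MAX_DEPTH = 6 };

struct keyring {
    const char *description;
    const struct keyring *links[MAX_LINKS];
    int nlinks;
};

/* Search for `target` in the tree under `kr`. The match stage compares
 * descriptions only. strict=0 models the flawed iterator, which treats
 * any name match as the target and asserts on it; strict=1 models the
 * fixed one, which skips a same-named keyring that is another object. */
static int detect_cycle(const struct keyring *kr, const struct keyring *target,
                        int strict, int depth)
{
    if (strcmp(kr->description, target->description) == 0) {
        if (kr == target)
            return CYCLE;
        if (!strict)
            return WOULD_BUG;      /* where the BUG_ON would fire */
    }
    for (int i = 0; depth < MAX_DEPTH && i < kr->nlinks; i++) {
        int r = detect_cycle(kr->links[i], target, strict, depth + 1);
        if (r != NO_CYCLE)
            return r;
    }
    return NO_CYCLE;
}

/* Constructed sample: `dest` and `twin` share a name but are distinct. */
static int link_check(int strict, int real_cycle)
{
    struct keyring dest = { "ring", {0}, 0 };
    struct keyring twin = { "ring", {0}, 0 };
    struct keyring src  = { "box", { real_cycle ? &dest : &twin }, 1 };
    return detect_cycle(&src, &dest, strict, 0);
}

int main(void)
{
    printf("flawed=%d fixed=%d real=%d\n",
           link_check(0, 0), link_check(1, 0), link_check(1, 1));
    return 0;
}
```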
Given that it was introduced in September 2013, it probably only affects 13.1/Factory/SLE12.
CVE-2014-0102
bugbot adjusting priority
David's patch was merged into the v3.14-rc6 kernel upstream:

commit 979e0d74651ba5aa533277f2a6423d0f982fb6f6
Author: David Howells <dhowells@redhat.com>
Date: Sun Mar 9 08:21:58 2014 +0000

    KEYS: Make the keyring cycle detector ignore other keyrings of the same nam

I will backport it to openSUSE 13.1 and SLE-12.
Patch pushed to the SLE-12 kernel branch:

commit 2eea5801d812dac65e60070975c6ac64d88b7216
Author: Lee, Chun-Yi <jlee@suse.com>
Date: Fri Mar 28 12:57:15 2014 +0800

    KEYS: Make the keyring cycle detector ignore other keyrings of the same name (bnc#866842, CVE-2014-0102).
I did not see the keyring_detect_cycle_iterator() function in the openSUSE 13.1 kernel. I think we don't need to apply the backported patch.
thanks, so it seems fixed!