Bug 994752 (CVE-2014-7843) - VUL-1: CVE-2014-7843: kernel-source: aarch64: copying from /dev/zero causes local DoS
Status: RESOLVED FIXED
Alias: CVE-2014-7843
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P4 - Low : Normal
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Security Team bot
Whiteboard: CVSSv2:SUSE:CVE-2014-7843:4.7:(AV:L/A...
Reported: 2016-08-20 09:09 UTC by Marcus Meissner
Modified: 2022-02-13 11:15 UTC
Description Marcus Meissner 2016-08-20 09:09:45 UTC
via cve db

The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. 


    MLIST:[oss-security] 20141113 CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS
    URL:http://www.openwall.com/lists/oss-security/2014/11/13/5
    CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d
    CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
    CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1163744
    CONFIRM:https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d
Comment 1 Marcus Meissner 2016-08-20 09:10:46 UTC
Only openSUSE 13.2 might be affected; all other aarch64-using SUSE/openSUSE distributions have kernel > 3.17.4.
Comment 2 Swamp Workflow Management 2016-08-20 22:00:44 UTC
bugbot adjusting priority
Comment 3 Matthias Brugger 2016-09-12 11:17:01 UTC
Backported.
Comment 4 Swamp Workflow Management 2016-10-25 17:13:47 UTC
openSUSE-SU-2016:2625-1: An update that solves 12 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1000287,1001486,1003077,1003925,1003931,1004045,1004418,1004462,881008,909994,911687,922634,951155,960689,978094,980371,986570,989152,991247,991608,991665,993890,993891,994296,994520,994748,994752,994759,996664,999600,999932
CVE References: CVE-2015-7513,CVE-2015-8956,CVE-2016-0823,CVE-2016-1237,CVE-2016-5195,CVE-2016-5696,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7117,CVE-2016-7425,CVE-2016-8658
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.22.1, cloop-2.639-14.22.1, crash-7.0.8-22.1, hdjmod-1.28-18.23.1, ipset-6.23-22.1, kernel-debug-3.16.7-45.1, kernel-default-3.16.7-45.1, kernel-desktop-3.16.7-45.1, kernel-docs-3.16.7-45.2, kernel-ec2-3.16.7-45.1, kernel-obs-build-3.16.7-45.1, kernel-obs-qa-3.16.7-45.1, kernel-obs-qa-xen-3.16.7-45.1, kernel-pae-3.16.7-45.1, kernel-source-3.16.7-45.1, kernel-syms-3.16.7-45.1, kernel-vanilla-3.16.7-45.1, kernel-xen-3.16.7-45.1, pcfclock-0.44-260.22.1, vhba-kmp-20140629-2.22.1, virtualbox-5.0.28-54.2, xen-4.4.4_05-51.2, xtables-addons-2.6-24.1
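
Added example, not part of the bug report or of SUSE's tooling: a host triage for this CVE that combines the upstream threshold from the description (3.17.4) with the openSUSE 13.2 backport from comment 4 (kernel 3.16.7-45.1). The function names, the status strings, the `uname -r` shape `3.16.7-45-default` and the os-release values `ID=opensuse`, `VERSION_ID=13.2` are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the bug report: triage a host for CVE-2014-7843.
# From the report: fixed upstream in 3.17.4; openSUSE 13.2 backport in 3.16.7-45.1.
# Assumed: uname -r like "3.16.7-45-default"; os-release ID=opensuse, VERSION_ID=13.2.

# ver_lt A B: succeed if dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# classify ARCH KERNEL_RELEASE [OS_ID OS_VERSION_ID]
# prints not-affected-arch | fixed-upstream | fixed-backport | potentially-affected
classify() {
    arch=$1 krel=$2 os_id=${3:-} os_ver=${4:-}
    if [ "$arch" != aarch64 ] && [ "$arch" != arm64 ]; then
        echo not-affected-arch; return 0
    fi
    base=$(printf '%s' "${krel%%-*}" | tr -cd '0-9.')
    if ! ver_lt "$base" 3.17.4; then
        echo fixed-upstream; return 0
    fi
    # A version below 3.17.4 may still carry the fix as a distro backport.
    if [ "$os_id" = opensuse ] && [ "$os_ver" = 13.2 ] && [ "$base" = 3.16.7 ]; then
        rel=${krel#*-}; rel=$(printf '%s' "${rel%%-*}" | tr -cd '0-9.')
        if [ "$rel" != "$base" ] && [ -n "$rel" ] && ! ver_lt "$rel" 45; then
            echo fixed-backport; return 0
        fi
    fi
    echo potentially-affected
}

# check_host: classify the running system.
check_host() {
    os_id= os_ver=
    if [ -r /etc/os-release ]; then
        os_id=$(. /etc/os-release; echo "${ID:-}")
        os_ver=$(. /etc/os-release; echo "${VERSION_ID:-}")
    fi
    classify "$(uname -m)" "$(uname -r)" "$os_id" "$os_ver"
}
```

Call `check_host` on the machine in question. A `potentially-affected` result means the package changelog still has to be checked, since a release string cannot prove or rule out a backport on distributions other than the one listed here.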