Bug 900881 (CVE-2014-8086) - VUL-0: CVE-2014-8086: kernel: fs: ext4 race condition
Summary: VUL-0: CVE-2014-8086: kernel: fs: ext4 race condition
Status: RESOLVED FIXED
Alias: CVE-2014-8086
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2015-06-15
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/109064/
Whiteboard: maint:running:61844:important maint:r...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-13 08:38 UTC by Sebastian Krahmer
Modified: 2019-05-13 09:03 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
vfs: Fix race between fcntl() and file->f_flags checks (19.14 KB, patch)
2015-05-07 09:26 UTC, Jan Kara
vfs: Fix race between fcntl() and file->f_flags checks (15.14 KB, patch)
2015-05-07 13:29 UTC, Jan Kara
vfs: Fix race between fcntl() and file->f_flags checks (18.03 KB, patch)
2015-05-07 14:23 UTC, Jan Kara
vfs: Fix race between fcntl() and file->f_flags checks (12.14 KB, patch)
2015-05-07 14:27 UTC, Jan Kara
vfs: Fix race between fcntl() and file->f_flags checks (11.43 KB, patch)
2015-05-12 14:11 UTC, Jan Kara

Description Sebastian Krahmer 2014-10-13 08:38:34 UTC
rh#1151353



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1151353
Comment 1 Swamp Workflow Management 2014-10-13 22:00:22 UTC
bugbot adjusting priority
Comment 2 Jeff Mahoney 2014-10-13 22:05:54 UTC
Jan is involved with the upstream handling of this (which hasn't been settled yet) so I'm bouncing it to him.
Comment 3 Jan Kara 2014-12-19 13:58:49 UTC
Just FYI: The ext4 bug itself (or at least the most obvious part) has been fixed by commit a41537e69b4aa43f0fea02498c2595a81267383b. But there are multiple filesystems that have issues with O_DIRECT flag being changed while IO is running (and even ext4 still has some issues after the fix). A proper solution is still being worked on upstream.
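Added example, not part of the original bug report and not the SUSE or upstream patch: a user-space model of the hazard named in comment 3 and in the patch title, where two layers of one write each consult `f_flags` and a flag change lands between them. `toy_file`, `O_DIRECT_FLAG`, the racer hook and both write functions are hypothetical names; the snapshot variant shows one common hardening for this class of bug.

```c
#include <stdio.h>

#define O_DIRECT_FLAG 0x4000u  /* constructed stand-in for O_DIRECT */

/* Toy stand-in for struct file: only the mutable flags word matters here. */
struct toy_file { volatile unsigned int f_flags; };

enum io_path { BUFFERED = 0, DIRECT = 1 };

/* Which path each layer of a single write believed it was on. */
struct io_trace { enum io_path entry; enum io_path lower; };

/* Plays the part of a concurrent fcntl(F_SETFL) landing between the two
 * layers; NULL means no concurrent change (hypothetical test hook). */
typedef void (*racer_fn)(struct toy_file *);

static void flip_direct(struct toy_file *f) { f->f_flags ^= O_DIRECT_FLAG; }

/* Racy shape: every layer re-reads f_flags, so the layers can disagree. */
static struct io_trace write_rereading(struct toy_file *f, racer_fn racer)
{
    struct io_trace t;
    t.entry = (f->f_flags & O_DIRECT_FLAG) ? DIRECT : BUFFERED;
    if (racer) racer(f);
    t.lower = (f->f_flags & O_DIRECT_FLAG) ? DIRECT : BUFFERED;
    return t;
}

/* Hardened shape: sample the flags once per I/O and pass the copy down. */
static struct io_trace write_snapshot(struct toy_file *f, racer_fn racer)
{
    unsigned int flags = f->f_flags;   /* single read for the whole I/O */
    struct io_trace t;
    t.entry = (flags & O_DIRECT_FLAG) ? DIRECT : BUFFERED;
    if (racer) racer(f);               /* change applies to the next I/O */
    t.lower = (flags & O_DIRECT_FLAG) ? DIRECT : BUFFERED;
    return t;
}

static int layers_agree(struct io_trace t) { return t.entry == t.lower; }

int main(void)
{
    struct toy_file a = { 0 }, b = { 0 };
    printf("re-reading: layers agree = %d\n",
           layers_agree(write_rereading(&a, flip_direct)));
    printf("snapshot:   layers agree = %d\n",
           layers_agree(write_snapshot(&b, flip_direct)));
    return 0;
}
```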
Comment 4 Johannes Segitz 2015-04-08 12:21:08 UTC
(In reply to Jan Kara from comment #3)
Any updates here?
Comment 5 Jan Kara 2015-04-09 12:26:02 UTC
There are patches floating around (latest attempt is here: http://lists.openwall.net/linux-kernel/2015/04/04/162) but so far nothing merged.
Comment 6 Jan Kara 2015-05-07 09:26:34 UTC
Created attachment 633559
vfs: Fix race between fcntl() and file->f_flags checks
Comment 7 Jan Kara 2015-05-07 09:28:07 UTC
So in the end the upstream solution was bundled with lots of rather intrusive changes so I had to heavily modify it to avoid kABI breakage. Anyway, attached is the fix I've pushed to SLE12 kernel branch. I'm now going to have a look into backporting it into older branches.
Comment 8 Jan Kara 2015-05-07 13:29:10 UTC
Created attachment 633599
vfs: Fix race between fcntl() and file->f_flags checks

Patch pushed to cve/linux-3.0 branch (used for SLE11-SP2-LTSS, SLE11-SP3, SLE11-SP4 branches).
Comment 9 Jan Kara 2015-05-07 14:23:12 UTC
Created attachment 633611
vfs: Fix race between fcntl() and file->f_flags checks
Comment 10 Jan Kara 2015-05-07 14:24:08 UTC
I had to update the patch in cve/linux-3.0 with the above one as I've found it was missing a few hunks (fixes for several filesystems).
Comment 11 Jan Kara 2015-05-07 14:27:06 UTC
Created attachment 633613
vfs: Fix race between fcntl() and file->f_flags checks

Patch that went into cve/linux-2.6.32 branch for SLE11-SP1-LTSS, SLE11-SP1-TD.
Comment 12 Michal Hocko 2015-05-11 09:47:53 UTC
Merged into SLE11-SP3-TD from cve/linux-3.0 branch
Comment 14 Jan Kara 2015-05-12 14:11:07 UTC
Created attachment 633970
vfs: Fix race between fcntl() and file->f_flags checks

Patch that went into cve/linux-2.6.16 branch for SLES10_SP4_LTSS and some TD branches
Comment 15 Jan Kara 2015-05-12 14:13:19 UTC
All is done from my side. Reassigning to security team.
Comment 16 Swamp Workflow Management 2015-05-12 20:53:56 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-05-19.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61701
Comment 17 Swamp Workflow Management 2015-05-19 15:56:13 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-05-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61770
Comment 19 Swamp Workflow Management 2015-05-29 09:42:29 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-06-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61844
Comment 20 Swamp Workflow Management 2015-06-08 12:00:53 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-06-15.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61904
Comment 21 Swamp Workflow Management 2015-06-16 12:05:29 UTC
SUSE-SU-2015:1071-1: An update that solves 13 vulnerabilities and has 31 fixes is now available.

Category: security (important)
Bug References: 899192,900881,909312,913232,914742,915540,916225,917125,919007,919018,920262,921769,922583,922734,922944,924664,924803,924809,925567,926156,926240,926314,927084,927115,927116,927257,927285,927308,927455,928122,928130,928135,928141,928708,929092,929145,929525,929883,930224,930226,930669,930786,931014,931130
CVE References: CVE-2014-3647,CVE-2014-8086,CVE-2014-8159,CVE-2015-1465,CVE-2015-2041,CVE-2015-2042,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3332,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.43-52.6.2, kernel-obs-build-3.12.43-52.6.2
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_5-1-2.3
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
Comment 22 Swamp Workflow Management 2015-07-02 15:08:36 UTC
SUSE-SU-2015:1174-1: An update that solves 15 vulnerabilities and has 71 fixes is now available.

Category: security (moderate)
Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-ec2-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.21, gfs2-2-0.17.1.21, ocfs2-1.6-0.21.1.21
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1
Comment 23 Swamp Workflow Management 2015-08-12 17:11:49 UTC
SUSE-SU-2015:1376-1: An update that solves 15 vulnerabilities and has 71 fixes is now available.

Category: security (important)
Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.22, drbd-kmp-8.4.4-0.23.1.22, iscsitarget-1.4.20-0.39.1.22, kernel-rt-3.0.101.rt130-0.33.38.1, kernel-rt_trace-3.0.101.rt130-0.33.38.1, kernel-source-rt-3.0.101.rt130-0.33.38.1, kernel-syms-rt-3.0.101.rt130-0.33.38.1, lttng-modules-2.1.1-0.12.1.20, ocfs2-1.6-0.21.1.22, ofed-1.5.4.1-0.14.1.22
Comment 24 Swamp Workflow Management 2015-09-02 13:12:24 UTC
SUSE-SU-2015:1478-1: An update that solves 18 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 798406,821931,860593,879878,891087,897995,898693,900881,904671,908870,909477,912916,914742,915200,915517,915577,916010,917093,917830,918333,919007,919018,919463,921769,922583,923245,926240,927257,928801,929148,929283,929360,929525,930284,930934,931474,933429,935705,936831,937032,937986,940338,940398
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9683,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-1805,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3636,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-source-3.0.101-0.7.37.1, kernel-syms-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1
Comment 25 Marcus Meissner 2016-03-23 08:15:13 UTC
all done