Bugzilla – Bug 916225
VUL-0: CVE-2015-1465: kernel: net: DoS due to routing packets to too many different dsts/too fast
Last modified: 2016-04-27 19:34:44 UTC
Not caching dst_entries which cause redirects could be exploited by hosts on the same subnet, causing a severe DoS attack. This effect aggravated since commit f88649721268999 ("ipv4: fix dst race in sk_dst_get()").

Lookups causing redirects will be allocated with DST_NOCACHE set which will force dst_release to free them via RCU. Unfortunately waiting for RCU grace period just takes too long, we can end up with >1M dst_entries waiting to be released and the system will run OOM. rcuos threads cannot catch up under high softirq load.

Attaching the flag to emit a redirect later on to the specific skb allows us to cache those dst_entries thus reducing the pressure on allocation and deallocation.

This issue was discovered by Marcelo Leitner.

References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0
https://bugzilla.redhat.com/show_bug.cgi?id=1183744
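A defender-side check for the symptom described above (dst_entries piling up until the system runs OOM), as an added example that is not part of this bug report or of the kernel patch: it parses /proc/slabinfo snapshots for the `ip_dst_cache` slab and flags rapid growth or a backlog past one million objects. The snapshots, the 192-byte object size, the 10-second interval and the growth threshold are constructed assumptions, as is the slab being listed under that name on the host.

```python
"""Added example: watch the IPv4 dst_entry slab for runaway growth."""

SLAB = "ip_dst_cache"  # assumption: the dst slab is listed under this name

def dst_entries(slabinfo_text, slab=SLAB):
    """Return (active_objs, objsize) for `slab`, or None if it is not listed."""
    for line in slabinfo_text.splitlines():
        f = line.split()
        # data rows: name active_objs num_objs objsize objperslab pagesperslab ...
        if len(f) >= 4 and f[0] == slab:
            return int(f[1]), int(f[3])
    return None

def assess(snapshots, interval_s, max_objs=1_000_000, max_rate=10_000):
    """Scan /proc/slabinfo texts taken interval_s seconds apart.

    Returns (index, reason, active_objs, est_bytes) tuples. max_objs mirrors
    the ">1M dst_entries" figure in the report; max_rate (objects per second)
    is an assumed threshold to tune per host.
    """
    alerts, prev = [], None
    for i, text in enumerate(snapshots):
        parsed = dst_entries(text)
        if parsed is None:
            alerts.append((i, "slab-missing", 0, 0))  # do not fail silently
            prev = None
            continue
        active, objsize = parsed
        if active >= max_objs:
            alerts.append((i, "backlog", active, active * objsize))
        elif prev is not None and (active - prev) / interval_s >= max_rate:
            alerts.append((i, "growth", active, active * objsize))
        prev = active
    return alerts

# Constructed sample data (not captured from a real host).
HEADER = ("slabinfo - version: 2.1\n"
          "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>\n")

def sample(active):
    return HEADER + f"ip_dst_cache {active} {active} 192 21 1 : tunables 0 0 0\n"

SNAPSHOTS = [sample(n) for n in (4200, 4350, 310000, 1250000)]

if __name__ == "__main__":
    for idx, reason, objs, nbytes in assess(SNAPSHOTS, interval_s=10):
        print(f"snapshot {idx}: {reason}: {objs} objects, ~{nbytes >> 20} MiB")
```

On a live host the snapshots would come from reading /proc/slabinfo, which normally requires root.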
The commit message mentions f88649721268999 ("ipv4: fix dst race in sk_dst_get()") but it is not entirely clear to me whether this one just made it more visible or caused it.
(In reply to Michal Hocko from comment #1) "This effect aggravated since commit f88649721268999" Sounds to me like it's not caused by this commit, only made worse.
(In reply to Johannes Segitz from comment #2)
> (In reply to Michal Hocko from comment #1)
> "This effect aggravated since commit f88649721268999"
>
> Sounds to me like it's not caused by this commit, only made worse.
Right, that's why I am asking, because I am not even close to understanding the code the patch is affecting.
bugbot adjusting priority
Assigning to jbohac. Jiri, feel free to assign to the proper person if you are not him. Thanks.
SLE12 got the fix via the 3.12.26 stable update.
I pushed the fix to OpenSUSE-13.2 and OpenSUSE-13.1.
Kernels prior to v3.7 are not affected.
(In reply to Jiri Bohac from comment #12)
> SLE12 got the fix via the 3.12.26 stable update.
> I pushed the fix to OpenSUSE-13.2 and OpenSUSE-13.1
> Kernels prior to v3.7 are not affected.
Thanks Jiri! This means that no TD branch is affected.
means SLE12 already is fixed with GA release. And also that SLE11 and older are not affected by this issue. thanks!
(In reply to Jiri Bohac from comment #12)
> SLE12 got the fix via the 3.12.26 stable update.
Oops, I don't know where I got this wrong version from. It arrived in 3.12.38, so it was not in the GA release. Sorry for the wrong info. Marcus, I suppose that does not change anything from the maintenance POV, since 3.12.38 has already been released as well, right?
We should have written this CVE in the .changes file of the last update so the automatic scripts could have put it on https://www.suse.com/security/cve/CVE-2015-1465.html
If you or jslaby want to edit the references on the 3.12.38 stable update to contain this bug nr and CVE id, this would be good.
SUSE-SU-2015:1071-1: An update that solves 13 vulnerabilities and has 31 fixes is now available.
Category: security (important)
Bug References: 899192,900881,909312,913232,914742,915540,916225,917125,919007,919018,920262,921769,922583,922734,922944,924664,924803,924809,925567,926156,926240,926314,927084,927115,927116,927257,927285,927308,927455,928122,928130,928135,928141,928708,929092,929145,929525,929883,930224,930226,930669,930786,931014,931130
CVE References: CVE-2014-3647,CVE-2014-8086,CVE-2014-8159,CVE-2015-1465,CVE-2015-2041,CVE-2015-2042,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3332,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.43-52.6.2, kernel-obs-build-3.12.43-52.6.2
SUSE Linux Enterprise Server 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_5-1-2.3
SUSE Linux Enterprise Desktop 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
openSUSE-SU-2015:1382-1: An update that solves 21 vulnerabilities and has 8 fixes is now available.
Category: security (important)
Bug References: 907092,907714,915517,916225,919007,919596,921769,922583,925567,925961,927786,928693,929624,930488,930599,931580,932348,932844,933934,934202,934397,934755,935530,935542,935705,935913,937226,938976,939394
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-1420,CVE-2015-1465,CVE-2015-2041,CVE-2015-2922,CVE-2015-3212,CVE-2015-3290,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366
Sources used:
openSUSE 13.2 (src): bbswitch-0.8-3.11.1, cloop-2.639-14.11.1, crash-7.0.8-11.1, hdjmod-1.28-18.12.1, ipset-6.23-11.1, kernel-debug-3.16.7-24.1, kernel-default-3.16.7-24.1, kernel-desktop-3.16.7-24.1, kernel-docs-3.16.7-24.2, kernel-ec2-3.16.7-24.1, kernel-obs-build-3.16.7-24.2, kernel-obs-qa-3.16.7-24.1, kernel-obs-qa-xen-3.16.7-24.1, kernel-pae-3.16.7-24.1, kernel-source-3.16.7-24.1, kernel-syms-3.16.7-24.1, kernel-vanilla-3.16.7-24.1, kernel-xen-3.16.7-24.1, pcfclock-0.44-260.11.1, vhba-kmp-20140629-2.11.1, xen-4.4.2_06-25.1, xtables-addons-2.6-11.1
SUSE-SU-2015:1488-1: An update that fixes 10 vulnerabilities is now available.
Category: security (important)
Bug References: 916225,939044,939240,939241,939262,939263,939270,939273,939276,939277
CVE References: CVE-2014-7822,CVE-2014-8159,CVE-2015-1465,CVE-2015-1805,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_2-3-2.1
SUSE-SU-2015:1489-1: An update that fixes 12 vulnerabilities is now available.
Category: security (important)
Bug References: 902349,916225,939044,939240,939241,939260,939262,939263,939270,939273,939276,939277
CVE References: CVE-2014-3687,CVE-2014-7822,CVE-2014-8159,CVE-2014-9710,CVE-2015-1465,CVE-2015-1805,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_1-3-2.1
SUSE-SU-2016:0337-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_8-2-2.1
SUSE-SU-2016:0380-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_3-4-2.1
SUSE-SU-2016:0381-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_4-4-2.1
SUSE-SU-2016:0383-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_5-4-2.1
SUSE-SU-2016:0384-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_2-5-2.1
SUSE-SU-2016:0386-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_6-3-2.1
SUSE-SU-2016:0387-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_7-3-2.1
SUSE-SU-2016:0434-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 916225,940342,951542,951625,953052,954005,958601
CVE References: CVE-2015-2925,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8539
Sources used:
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_1-5-2.1