923924 – (CVE-2015-2686) VUL-1: CVE-2015-2686: kernel: sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer

Bug 923924 (CVE-2015-2686) - VUL-1: CVE-2015-2686: kernel: sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer

Summary: VUL-1: CVE-2015-2686: kernel: sys_sendto/sys_recvfrom does not validate the u...

Status:	RESOLVED UPSTREAM

Alias:	CVE-2015-2686

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-03-24 09:54 UTC by Marcus Meissner
Modified:	2015-03-24 10:58 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-03-24 09:54:14 UTC

via grsecurity / oss-sec

References:
https://twitter.com/grsecurity/status/579050211605102592
https://twitter.com/grsecurity/status/579075689439059968

Upstream patch:
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea

Comment 1 Michal Hocko 2015-03-24 10:24:22 UTC

I got lost in the indirection. Do I read the code correctly and this was introduced by c0371da6047a (put iov_iter into msghdr)? That would be indeed 3.19+ material.

Comment 2 Marcus Meissner 2015-03-24 10:30:54 UTC

https://lkml.org/lkml/2014/11/18/868 perhaps

Comment 4 Marcus Meissner 2015-03-24 10:31:53 UTC

so it is post 3.19 stuff, and should not affect us.

Comment 5 Marcus Meissner 2015-03-24 10:37:53 UTC

usptream fixed, nmot in suse