922583 – (CVE-2015-2922) VUL-1: CVE-2015-2922: kernel: ipv6 hop limit issue VU#711516

Bug 922583 (CVE-2015-2922) - VUL-1: CVE-2015-2922: kernel: ipv6 hop limit issue VU#711516

Summary: VUL-1: CVE-2015-2922: kernel: ipv6 hop limit issue VU#711516

Status:	RESOLVED FIXED

Alias:	CVE-2015-2922

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Enhancement
Target Milestone:	---
Deadline:	2015-10-07
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:61844:important maint:r...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-03-16 16:43 UTC by Marcus Meissner
Modified:	2016-02-08 15:02 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 4 Swamp Workflow Management 2015-03-16 23:02:47 UTC

bugbot adjusting priority

Comment 8 Swamp Workflow Management 2015-03-17 23:00:12 UTC

bugbot adjusting priority

Comment 12 Marcus Meissner 2015-04-07 05:17:03 UTC

> An unprivileged user on a local network can use IPv6 Neighbour
> Discovery ICMP to broadcast a non-route with a low hop limit, this
> causing machines to lower the hop limit on existing IPv6 routes.

> Projects impacted:  Linux kernel,  NetworkManager, FreeBSD Kernel

> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a

Use CVE-2015-2922 for the Linux kernel vulnerability.

Comment 13 Jiri Bohac 2015-05-15 15:17:06 UTC

SLE12 got the fix via 3.12.41 stable update.
Pushed to SLE11-SP3, openSUSE-13.1 and openSUSE-13.2

Comment 14 Michal Hocko 2015-05-15 15:30:08 UTC

cherry-picked to SLE11-SP3-TD

Comment 16 Swamp Workflow Management 2015-05-29 09:44:22 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-06-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61844

Comment 17 Swamp Workflow Management 2015-06-08 12:05:24 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-06-15.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61904

Comment 18 Swamp Workflow Management 2015-06-16 12:07:45 UTC

SUSE-SU-2015:1071-1: An update that solves 13 vulnerabilities and has 31 fixes is now available.

Category: security (important)
Bug References: 899192,900881,909312,913232,914742,915540,916225,917125,919007,919018,920262,921769,922583,922734,922944,924664,924803,924809,925567,926156,926240,926314,927084,927115,927116,927257,927285,927308,927455,928122,928130,928135,928141,928708,929092,929145,929525,929883,930224,930226,930669,930786,931014,931130
CVE References: CVE-2014-3647,CVE-2014-8086,CVE-2014-8159,CVE-2015-1465,CVE-2015-2041,CVE-2015-2042,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3332,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.43-52.6.2, kernel-obs-build-3.12.43-52.6.2
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_5-1-2.3
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1

Comment 19 Swamp Workflow Management 2015-07-02 15:18:50 UTC

SUSE-SU-2015:1174-1: An update that solves 15 vulnerabilities and has 71 fixes is now available.

Category: security (moderate)
Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-ec2-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.21, gfs2-2-0.17.1.21, ocfs2-1.6-0.21.1.21
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1

Comment 20 Swamp Workflow Management 2015-07-10 14:08:46 UTC

SUSE-SU-2015:1224-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 915517,919007,922583,923908,927355,929525,929647,930786,933429,933896,933904,933907,935705,936831
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11-SP3-TERADATA (src):    kernel-source-3.0.101-57.TDC.2, kernel-syms-3.0.101-57.TDC.2

Comment 24 Jiri Bohac 2015-07-21 17:54:54 UTC

The code has been there since ever, SLES10-SP3 has it as well:

        if (ra_msg->icmph.icmp6_hop_limit) {
                in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
                if (rt)
                        rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
        }

The fix would be identical.

Comment 25 Michal Hocko 2015-07-21 18:54:09 UTC

(In reply to Jiri Bohac from comment #24)
> The code has been there since ever, SLES10-SP3 has it as well:
> 
>         if (ra_msg->icmph.icmp6_hop_limit) {
>                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
>                 if (rt)
>                         rt->u.dst.metrics[RTAX_HOPLIMIT-1] =
> ra_msg->icmph.icmp6_hop_limit;
>         }
> 
> The fix would be identical.

OK, I've cherry picked this to SLE11-SP1-TD and SLES10-SP3-TD as well. As per comment 7 I do not think this warrants any immediate action maintenance-wise.

Comment 27 Swamp Workflow Management 2015-08-12 17:21:47 UTC

SUSE-SU-2015:1376-1: An update that solves 15 vulnerabilities and has 71 fixes is now available.

Category: security (important)
Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.22, drbd-kmp-8.4.4-0.23.1.22, iscsitarget-1.4.20-0.39.1.22, kernel-rt-3.0.101.rt130-0.33.38.1, kernel-rt_trace-3.0.101.rt130-0.33.38.1, kernel-source-rt-3.0.101.rt130-0.33.38.1, kernel-syms-rt-3.0.101.rt130-0.33.38.1, lttng-modules-2.1.1-0.12.1.20, ocfs2-1.6-0.21.1.22, ofed-1.5.4.1-0.14.1.22

Comment 28 Swamp Workflow Management 2015-08-14 09:11:16 UTC

openSUSE-SU-2015:1382-1: An update that solves 21 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 907092,907714,915517,916225,919007,919596,921769,922583,925567,925961,927786,928693,929624,930488,930599,931580,932348,932844,933934,934202,934397,934755,935530,935542,935705,935913,937226,938976,939394
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-1420,CVE-2015-1465,CVE-2015-2041,CVE-2015-2922,CVE-2015-3212,CVE-2015-3290,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.11.1, cloop-2.639-14.11.1, crash-7.0.8-11.1, hdjmod-1.28-18.12.1, ipset-6.23-11.1, kernel-debug-3.16.7-24.1, kernel-default-3.16.7-24.1, kernel-desktop-3.16.7-24.1, kernel-docs-3.16.7-24.2, kernel-ec2-3.16.7-24.1, kernel-obs-build-3.16.7-24.2, kernel-obs-qa-3.16.7-24.1, kernel-obs-qa-xen-3.16.7-24.1, kernel-pae-3.16.7-24.1, kernel-source-3.16.7-24.1, kernel-syms-3.16.7-24.1, kernel-vanilla-3.16.7-24.1, kernel-xen-3.16.7-24.1, pcfclock-0.44-260.11.1, vhba-kmp-20140629-2.11.1, xen-4.4.2_06-25.1, xtables-addons-2.6-11.1

Comment 29 Swamp Workflow Management 2015-09-02 13:16:19 UTC

SUSE-SU-2015:1478-1: An update that solves 18 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 798406,821931,860593,879878,891087,897995,898693,900881,904671,908870,909477,912916,914742,915200,915517,915577,916010,917093,917830,918333,919007,919018,919463,921769,922583,923245,926240,927257,928801,929148,929283,929360,929525,930284,930934,931474,933429,935705,936831,937032,937986,940338,940398
CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9683,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-1805,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3636,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-source-3.0.101-0.7.37.1, kernel-syms-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1

Comment 30 Marcus Meissner 2015-09-25 14:09:15 UTC

done i think.

Comment 32 Swamp Workflow Management 2015-09-30 13:08:43 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-10-07.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62295

Comment 33 Swamp Workflow Management 2016-02-01 15:16:36 UTC

openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1