Bug 933971 (CVE-2015-4176) - VUL-0: CVE-2015-4176: kernel-source: Deletion of a file or directory could trigger an unmount and reveal data under a mount point.
Summary: VUL-0: CVE-2015-4176: kernel-source: Deletion of a file or directory could tr...
Status: RESOLVED UPSTREAM
Alias: CVE-2015-4176
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/117334/
Whiteboard:
Keywords:
Depends on: CVE-2015-4178
Blocks:
Reported: 2015-06-08 17:22 UTC by Marcus Meissner
Modified: 2015-06-17 14:48 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2015-06-08 17:22:54 UTC
CVE-2015-4176

probably also 4.0 only

Use CVE-2015-4176 for the issue fixed in
e0c9c0afd2fc958ffa34b697972721d81df8a56f. This code change is present
in 4.0.2.

original email:

   Hello,

Linux kernel built with the user namespaces support (CONFIG_USER_NS) is vulnerable to a NULL pointer dereference flaw. It could occur when users in user namespaces do unmount mounts.


An unprivileged user could use this flaw to crash the system resulting in DoS.

Upstream fixes:
---------------
  -> https://git.kernel.org/linus/820f9f147dcce2602eefd9b575bbbd9ea14f0953
  -> https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae

It was introduced by:
---------------------
  -> https://git.kernel.org/linus/ce07d891a0891d3c0d0c2d73d577490486b809e1

Thank you Drew Fisher for reporting this issue to Fedora Security Team.

Thank you.
--

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4176
http://seclists.org/oss-sec/2015/q2/640
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4176.html
Comment 1 Swamp Workflow Management 2015-06-08 22:02:21 UTC
bugbot adjusting priority
Comment 2 Borislav Petkov 2015-06-12 11:03:05 UTC
Same as bsc#933969 I guess:

  e0c9c0afd2fc ("mnt: Update detach_mounts to leave mounts connected")

missing is not a problem if

  ce07d891a089 ("mnt: Honor MNT_LOCKED when detaching mounts")

is not present.

Bouncing back.
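
The dependency check from comment 2, as an added example that is not part of the bug report or of any SUSE tooling: it reads commit subjects from a tree's history and reports whether the e0c9c0afd2fc fix is needed. The function names and verdict strings are hypothetical, the sample history is constructed, and a backport whose subject line was reworded will not be matched.

```shell
#!/bin/sh
# Added example (not from the bug report): backport triage for CVE-2015-4176.
# Function names and verdict strings are hypothetical.
INTRO_SUBJ='mnt: Honor MNT_LOCKED when detaching mounts'          # ce07d891a089
FIX_SUBJ='mnt: Update detach_mounts to leave mounts connected'    # e0c9c0afd2fc

# present SUBJECT: true if the subject was applied more often than reverted.
# Exact whole-line match, so a 'Revert "..."' line never counts as applied.
present() {
    applied=$(printf '%s\n' "$subjects" | grep -cFx -- "$1" || true)
    reverted=$(printf '%s\n' "$subjects" | grep -cFx -- "Revert \"$1\"" || true)
    [ "$applied" -gt "$reverted" ]
}

# triage_4176: reads commit subjects (one per line) on stdin, prints a verdict.
# Real tree:  git -C /path/to/linux log --format=%s | triage_4176
triage_4176() {
    subjects=$(cat)
    if ! present "$INTRO_SUBJ"; then
        echo not-affected      # MNT_LOCKED change absent: fix not required
    elif present "$FIX_SUBJ"; then
        echo fixed
    else
        echo needs-fix         # introducing commit without e0c9c0afd2fc
    fi
}

# Constructed sample history (newest first), not taken from any real tree.
triage_4176 <<'EOF'
ext4: some unrelated change
mnt: Honor MNT_LOCKED when detaching mounts
vfs: another unrelated change
EOF
```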
Comment 3 Marcus Meissner 2015-06-17 14:48:18 UTC
then close