Bug 939994 (CVE-2015-5697) - VUL-1: CVE-2015-5697: kernel: Information leak in md driver
Status: RESOLVED FIXED
Alias: CVE-2015-5697
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Assignee: Neil Brown
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/119329/
Whiteboard: CVSSv3.1:SUSE:CVE-2015-5697:1.9:(AV:L...
Reported: 2015-07-30 08:13 UTC by Johannes Segitz
Modified: 2022-05-18 09:23 UTC
Found By: Security Response Team

Description Johannes Segitz 2015-07-30 08:13:02 UTC
CVE-2015-5697
From: Benjamin Randazzo 

In the md driver of the Linux kernel it’s possible to request a bitmap file for a device, but when bitmap is disabled only the first byte of the buffer is initialized to zero, and then it is copied in user space. This results in an information leak.

The patch for this issue was applied and committed in linux-next:
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4
(+ merged: http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=348470064e7c42cb08f1c9d6e9f0a7d2865b3b79)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5697
http://seclists.org/oss-sec/2015/q3/235
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5697.html
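
The leak pattern described in the report above, as an added user-space model (not code from the kernel, the patch, or this bug): a reply buffer comes from recycled memory, only its first byte is cleared, and the whole buffer is copied out. The struct name, the 4096-byte size, the simulated allocator and the stale string are assumptions constructed for illustration; zeroing the whole buffer is shown as one way to close the leak.

```c
#include <stdio.h>
#include <string.h>

#define PATHNAME_LEN 4096   /* assumed reply size for this model */

struct bitmap_file_reply { char pathname[PATHNAME_LEN]; };

/* Constructed stand-in for recycled kernel heap memory: the previous
 * owner's data is still present when the buffer is handed out again. */
static struct bitmap_file_reply recycled_slab;

static struct bitmap_file_reply *sim_alloc(int zeroed)
{
    memset(&recycled_slab, 0xA5, sizeof(recycled_slab));      /* stale bytes */
    memcpy(recycled_slab.pathname + 64, "stale-secret", 12);  /* constructed */
    if (zeroed)
        memset(&recycled_slab, 0, sizeof(recycled_slab));     /* zeroing allocation */
    return &recycled_slab;
}

/* Models the reply path when no bitmap file is configured.
 * fixed == 0: only pathname[0] is cleared before the full copy.
 * fixed == 1: the buffer is fully zeroed before use. */
static void get_bitmap_file(struct bitmap_file_reply *user_out, int fixed)
{
    struct bitmap_file_reply *file = sim_alloc(fixed);
    file->pathname[0] = '\0';                  /* "bitmap disabled" marker */
    memcpy(user_out, file, sizeof(*file));     /* stands in for the copy to user space */
}

/* Counts non-zero bytes after the string terminator, i.e. bytes the
 * caller should never have received. */
static size_t leaked_bytes(const struct bitmap_file_reply *r)
{
    size_t n = 0;
    for (size_t i = strlen(r->pathname) + 1; i < PATHNAME_LEN; i++)
        if (r->pathname[i] != 0)
            n++;
    return n;
}

int main(void)
{
    struct bitmap_file_reply out;
    get_bitmap_file(&out, 0);
    printf("first byte cleared only: %zu stale bytes copied out\n", leaked_bytes(&out));
    get_bitmap_file(&out, 1);
    printf("whole buffer zeroed:     %zu stale bytes copied out\n", leaked_bytes(&out));
    return 0;
}
```

The same `leaked_bytes` check works as a regression test for any fixed-size reply struct that is copied out in full: everything past the terminator must be zero.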
Comment 2 Swamp Workflow Management 2015-07-30 22:00:17 UTC
bugbot adjusting priority
Comment 5 Neil Brown 2015-08-03 05:18:12 UTC
Given that this ioctl is restricted to CAP_SYS_ADMIN it isn't clear to me that this is really a problem.
However I split the original patch in 2: just the fix, and then the cleanup.
I've applied the 'just the fix' to sles11-SP3+ and sles12-GA+ kernels.
Anything else needed?
Comment 7 Michal Hocko 2015-08-04 07:39:37 UTC
(In reply to Neil Brown from comment #5)
> Given that this ioctl is restricted to CAP_SYS_ADMIN it isn't clear to me
> that this is really a problem.

I completely agree. The CVE sounds bogus to me. Can we push back and request the cancellation of the CVE status? Or is this relevant for the "untrusted root" environment?
Comment 12 Swamp Workflow Management 2015-09-22 08:24:02 UTC
SUSE-SU-2015:1592-1: An update that solves 14 vulnerabilities and has 45 fixes is now available.

Category: security (important)
Bug References: 851068,867362,873385,883380,886785,894936,915517,917830,919463,920110,920250,920733,921430,923245,924701,925705,925881,925903,926240,926953,927355,927786,929142,929143,930092,930761,930934,931538,932348,932458,933429,933896,933904,933907,933936,934742,934944,935053,935572,935705,935866,935906,936077,936423,936637,936831,936875,936925,937032,937402,937444,937503,937641,937855,939910,939994,940338,940398,942350
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1, kernel-source-rt-3.0.101.rt130-0.33.40.1, kernel-syms-rt-3.0.101.rt130-0.33.40.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.40.1, kernel-rt_trace-3.0.101.rt130-0.33.40.1
Comment 13 Swamp Workflow Management 2015-10-05 15:26:29 UTC
SUSE-SU-2015:1678-1: An update that solves 15 vulnerabilities and has 67 fixes is now available.

Category: security (moderate)
Bug References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917830,917968,919463,920016,920110,920250,920733,921430,923002,923245,923431,924701,925705,925881,925903,926240,926953,927355,928988,929076,929142,929143,930092,930934,931620,932350,932458,932882,933429,933721,933896,933904,933907,933936,934944,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6252
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-65.3
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
Comment 14 Neil Brown 2015-10-08 07:27:15 UTC
Fix has gone out, so closing bug.
Comment 15 Swamp Workflow Management 2015-10-13 09:19:10 UTC
SUSE-SU-2015:1727-1: An update that solves 7 vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 856382,886785,898159,907973,908950,912183,914818,916543,920016,922071,924722,929092,929871,930813,932285,932350,934430,934942,934962,936556,936773,937609,937612,937613,937616,938550,938706,938891,938892,938893,939145,939266,939716,939834,939994,940398,940545,940679,940776,940912,940925,940965,941098,941305,941908,941951,942160,942204,942307,942367,948536
CVE References: CVE-2015-5156,CVE-2015-5157,CVE-2015-5283,CVE-2015-5697,CVE-2015-6252,CVE-2015-6937,CVE-2015-7613
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.48-52.27.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.48-52.27.2, kernel-obs-build-3.12.48-52.27.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.48-52.27.1, kernel-source-3.12.48-52.27.1, kernel-syms-3.12.48-52.27.1, kernel-xen-3.12.48-52.27.2
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.48-52.27.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_8-1-2.6
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.48-52.27.1, kernel-source-3.12.48-52.27.1, kernel-syms-3.12.48-52.27.1, kernel-xen-3.12.48-52.27.2
Comment 16 Swamp Workflow Management 2015-12-02 14:22:20 UTC
SUSE-SU-2015:2167-1: An update that solves 7 vulnerabilities and has 59 fixes is now available.

Category: security (moderate)
Bug References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917968,920016,920110,920733,923002,923431,924701,925705,925881,925903,927355,929076,929142,929143,930092,930934,931620,932350,933721,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477
CVE References: CVE-2015-1420,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5697,CVE-2015-5707,CVE-2015-6252
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-45.1, kernel-rt_trace-3.0.101.rt130-45.1, kernel-source-rt-3.0.101.rt130-45.1, kernel-syms-rt-3.0.101.rt130-45.1