Bugzilla – Bug 1094186
VUL-1: CVE-2017-18270: kernel: improper keyrings creation
Last modified: 2020-01-16 17:07:47 UTC
rh#1580979 In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. References: https://bugzilla.redhat.com/show_bug.cgi?id=1580979 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18270 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18270.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18270 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3 https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3
Already fixed. https://github.com/openSUSE/kernel/commit/539255aea88e47932a98ba7656775cbca4f3d27c
patches.kernel.org/4.4.90-012-KEYS-prevent-creating-a-different-user-s-keyri.patch
it is fixed in 4.4.90, so sle12 sp2 and sp3. it is not fixed in the older codestreams
SLE11-SP4 already contains it, too (via bsc#1065999), but not in other branches. Joey, care to check this?
(In reply to Takashi Iwai from comment #4) > SLE11-SP4 already contains it, too (via bsc#1065999), but not in other > branches. Just to make clear: SLE12-SP2/SP3, SLE15, TW and SLE11-SP4 are already covered. The rest (cve/linux-3.12, and older ones) are missing.
(In reply to Takashi Iwai from comment #5) > (In reply to Takashi Iwai from comment #4) > > SLE11-SP4 already contains it, too (via bsc#1065999), but not in other > > branches. > > Just to make clear: SLE12-SP2/SP3, SLE15, TW and SLE11-SP4 are already > covered. > The rest (cve/linux-3.12, and older ones) are missing. Backported patch is merged to cve/linux-3.12: commit 4eae973ae49fa5f377bb99415704116ed846ecaf Author: Lee, Chun-Yi <jlee@suse.com> Date: Fri Sep 14 18:10:54 2018 +0800 KEYS: prevent creating a different user's keyrings (bnc#1065999).
(In reply to Joey Lee from comment #6) > (In reply to Takashi Iwai from comment #5) > > (In reply to Takashi Iwai from comment #4) > > > SLE11-SP4 already contains it, too (via bsc#1065999), but not in other > > > branches. > > > > Just to make clear: SLE12-SP2/SP3, SLE15, TW and SLE11-SP4 are already > > covered. > > The rest (cve/linux-3.12, and older ones) are missing. > > Backported patch is merged to cve/linux-3.12: > > commit 4eae973ae49fa5f377bb99415704116ed846ecaf > Author: Lee, Chun-Yi <jlee@suse.com> > Date: Fri Sep 14 18:10:54 2018 +0800 > > KEYS: prevent creating a different user's keyrings > (bnc#1065999). I have backported this patch to SLE11-SP3-LTSS. Waiting merged.
(In reply to Takashi Iwai from comment #5) > The rest (cve/linux-3.12, and older ones) are missing. Any updates for SLE11-SP1-LTSS? Customer from bug 1119974 is requesting it. Thanks in advance.
SUSE-SU-2019:13937-1: An update that solves 12 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1031240,1039803,1066674,1071021,1094186,1094825,1104070,1104366,1104367,1107189,1108498,1109200,1113201,1113751,1113769,1114920,1115007,1115038,1116412,1116841,1117515,1118152,1118319,1119255,1119714,1120743,905299,936875,968018,990682 CVE References: CVE-2017-1000407,CVE-2017-16533,CVE-2017-7273,CVE-2018-18281,CVE-2018-18386,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9516,CVE-2018-9568 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-source-3.0.101-0.47.106.59.1, kernel-syms-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-ppc64-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-source-3.0.101-0.47.106.59.1, kernel-syms-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.106.59.1, kernel-default-3.0.101-0.47.106.59.1, kernel-ec2-3.0.101-0.47.106.59.1, kernel-pae-3.0.101-0.47.106.59.1, kernel-trace-3.0.101-0.47.106.59.1, kernel-xen-3.0.101-0.47.106.59.1
(In reply to Takashi Iwai from comment #4) > SLE11-SP4 already contains it, too (via bsc#1065999), but not in other > branches. > > Joey, care to check this? Joey, please make sure that you annotate the patch with the CVE in all branches so this fix doesn't slip through cracks for other branches that might need it.
(In reply to Michal Hocko from comment #11) > (In reply to Takashi Iwai from comment #4) > > SLE11-SP4 already contains it, too (via bsc#1065999), but not in other > > branches. > > > > Joey, care to check this? > > Joey, please make sure that you annotate the patch with the CVE in all > branches so this fix doesn't slip through cracks for other branches that > might need it. Hi Michal, AFAICS all branches should be fixed by now. Otherwise, feel free to reopen the bug.