Bug 1154617 (CVE-2019-18198) - VUL-1: CVE-2019-18198: kernel-source: memory corruption due to a reference count usage error in the fib6_rule_suppress() function
Status: RESOLVED FIXED
Alias: CVE-2019-18198
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Version: Current
Hardware: Other Other
Importance: P4 - Low : Normal
Target Milestone: Current
Assignee: Security Team bot
QA Contact: E-mail List
URL: https://smash.suse.de/issue/245442/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-21 12:05 UTC by Alexandros Toptsoglou
Modified: 2024-06-25 14:02 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexandros Toptsoglou 2019-10-21 12:05:11 UTC
CVE-2019-18198

In the Linux kernel before 5.3.4, a reference count usage error in the
fib6_rule_suppress() function in the fib6 suppression feature of
net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited
by a local attacker to corrupt memory, aka CID-ca7a03c41753.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18198
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18198.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18198
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
https://github.com/torvalds/linux/commit/ca7a03c4175366a92cee0ccc4fec0038c3266e26
https://launchpad.net/bugs/1847478
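
A simplified userspace model of the class of error described above, added here as an illustration; it is not code from the kernel or from the linked commit. All names (`route_lookup`, `suppress_unbalanced`, `suppress_balanced`, `LOOKUP_NOREF`) are hypothetical stand-ins, and the model assumes a lookup that takes no reference when the NOREF flag is set.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for FIB_LOOKUP_NOREF: caller borrows, takes no ref. */
#define LOOKUP_NOREF 0x1

struct route { int refcnt; };

/* Lookup takes a reference only when the caller did not ask for NOREF. */
static struct route *route_lookup(struct route *rt, int flags)
{
    if (!(flags & LOOKUP_NOREF))
        rt->refcnt++;
    return rt;
}

static void route_put(struct route *rt) { rt->refcnt--; }

/* Unbalanced suppress path: drops a reference even if none was taken. */
static void suppress_unbalanced(struct route *rt, int flags)
{
    (void)flags;
    route_put(rt);
}

/* Balanced suppress path: a borrowed (NOREF) route is left untouched. */
static void suppress_balanced(struct route *rt, int flags)
{
    if (!(flags & LOOKUP_NOREF))
        route_put(rt);
}

/* Runs one lookup + suppress against a route whose owner holds one
 * reference. Returns the drift from that baseline: 0 is balanced, -1 means
 * the owner's reference was consumed and the object could be freed in use. */
static int refcount_drift(void (*suppress)(struct route *, int), int flags)
{
    struct route rt = { .refcnt = 1 };
    suppress(route_lookup(&rt, flags), flags);
    return rt.refcnt - 1;
}

int main(void)
{
    printf("unbalanced, NOREF: %d\n", refcount_drift(suppress_unbalanced, LOOKUP_NOREF));
    printf("balanced,   NOREF: %d\n", refcount_drift(suppress_balanced, LOOKUP_NOREF));
    return 0;
}
```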
Comment 1 Alexandros Toptsoglou 2019-10-21 12:06:48 UTC
It seems that only Factory is affected. All the internal codestreams are not affected.
Comment 2 Takashi Iwai 2019-10-21 12:20:52 UTC
The commit 7d9e5f422150 is included in 5.3-rc1, which is for SLE15-SP2 / Leap 15.2, too.
Comment 3 Michal Kubeček 2019-10-23 08:06:04 UTC
(In reply to Takashi Iwai from comment #2)
> The commit 7d9e5f422150 is included in 5.3-rc1, which is for SLE15-SP2 /
> Leap 15.2, too.

Yes, but commit ca7a03c41753 has been picked for 5.3.4 stable update and
SLE15-SP2 and openSUSE-15.2 are already at 5.3.7 so all we need is to add
the CVE and bugzilla references.
Comment 4 Takashi Iwai 2019-10-24 09:55:09 UTC
OK, I updated the reference.

Reassigned back to security team.
Comment 5 Alexandros Toptsoglou 2020-05-12 11:30:23 UTC
Done