Bug 1184191 (CVE-2021-29646) - VUL-1: CVE-2021-29646: kernel-source,kernel-source-rt,kernel-source-azure: tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes
Status: RESOLVED WORKSFORME
Alias: CVE-2021-29646
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/280754/
Reported: 2021-03-31 07:20 UTC by Robert Frohl
Modified: 2021-03-31 10:06 UTC

Found By: Security Response Team


Description Robert Frohl 2021-03-31 07:20:23 UTC
CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key
in net/tipc/node.c does not properly validate certain data sizes, aka
CID-0217ed2848e8.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29646
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0217ed2848e8538bcf9172d97ed2eeb4a26041bb
Comment 1 Robert Frohl 2021-03-31 07:27:11 UTC
git show 0217ed2848e8
> Fixes: e1f32190cf7d ("tipc: add support for AEAD key setting via netlink")

e1f32190cf7d is only part of v5.5 and on. Could not find any backports. Therefore tracking SUSE kernels as not affected.
Comment 2 Takashi Iwai 2021-03-31 08:05:59 UTC
Right, only the stable branch is affected and it already has the fix from the 5.11.11 stable kernel.

Reassigned back to security team.
Comment 3 Robert Frohl 2021-03-31 10:06:32 UTC
done
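
The triage reasoning in comments 1 and 2, as an added example that is not part of the original bug report: it classifies a kernel git branch from the introducing and fixing commit ids given on this page. The function names `has_change` and `triage` are assumptions of this example, and backport detection assumes the tree follows the stable-kernel convention of citing the upstream id in the commit message.

```shell
#!/bin/sh
# Added example: decide whether a kernel branch is affected by a CVE, given
# the commit that introduced the bug and the commit that fixed it.
# Function names are illustrative, not from any SUSE or kernel tooling.

# has_change REPO REV ID -> exit 0 if the change ID is contained in REV,
# either as the commit itself or as a backport citing the upstream id.
has_change() {
    repo=$1 rev=$2 id=$3
    # Mainline history: the commit is a direct ancestor of REV.
    # An unknown object makes git exit non-zero, which counts as "no".
    if git -C "$repo" merge-base --is-ancestor "$id" "$rev" 2>/dev/null; then
        return 0
    fi
    # Backports get a new id. Stable-style messages cite the original as
    # "commit <id> upstream." or "[ Upstream commit <id> ]". Matching on
    # "commit <id>" skips "Fixes: <id>" tags, which only mention the id.
    # A "This reverts commit <id>" message would also match, so review hits.
    hit=$(git -C "$repo" log -n 1 -i --format=%H --grep="commit $id" "$rev" 2>/dev/null)
    [ -n "$hit" ]
}

# triage REPO REV INTRODUCED FIXED -> prints not-affected | affected | fixed
triage() {
    if ! has_change "$1" "$2" "$3"; then
        echo "not-affected"   # vulnerable code never landed on this branch
    elif has_change "$1" "$2" "$4"; then
        echo "fixed"          # bug was introduced and the fix is present
    else
        echo "affected"       # bug was introduced and the fix is missing
    fi
}

# Usage with the ids from this bug (repository path is a placeholder):
#   triage /path/to/linux HEAD e1f32190cf7d 0217ed2848e8
```
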