Bug 1210643 (CVE-2023-2177) - VUL-0: CVE-2023-2177: kernel-source-rt,kernel-source,kernel-source-azure: NULL pointer dereference in sctp_sched_dequeue_common()
Summary: VUL-0: CVE-2023-2177: kernel-source-rt,kernel-source,kernel-source-azure: NUL...
Status: RESOLVED FIXED
Alias: CVE-2023-2177
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/363988/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-2177:5.5:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-19 11:03 UTC by Carlos López
Modified: 2024-05-06 12:39 UTC (History)
8 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2023-04-19 11:03:18 UTC 
CVE-2023-2177

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux before 5.18. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.

Affected component: stcp protocol

References:
https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=kw@mail.gmail.com/T/
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2177
https://bugzilla.redhat.com/show_bug.cgi?id=2187953
Comment 1 Carlos López 2023-04-19 11:11:10 UTC 
Fixed in:
https://github.com/torvalds/linux/commit/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d

$ git describe --contains 5bbbbe32a431
v4.15-rc1~84^2~567^2~4

$ git describe --contains 181d8d2066c0
v5.19~17^2~5

The following branches are missing the patch:
- cve/linux-5.3
- SLE15-SP4
- SLE15-SP5-GA (unsure if this still gets patches)

Already fixed in SLE15-SP5.
Comment 2 Joey Lee 2023-04-20 04:05:07 UTC 
Hi Michal, 

Because this issue is about net/sctp. Could you please help to look at it? 

If this area is not handled by you. Just feel free to set assigner back to kernel-bugs@suse.de. Kernel Security Sentinel will find other expert.

Thanks a lot!
Comment 8 Petr Mladek 2023-09-15 09:12:57 UTC 
Assigning the bug back to Michal. I guess that it has been unassigned by mistake.
Feel free to reassign it to Denis if it helps to balance the high load which you both are under.
Comment 9 Michal Kubeček 2023-09-15 15:30:19 UTC 
introduced      5bbbbe32a431    4.15-rc1
fixed           181d8d2066c0    5.19

SLE15-SP4       337b7d8d7da3    (merged)
cve/linux-5.3   2ef1e9d49d9f

The fix has been submitted to all relevant branches. Reassigning back to
security team.
Comment 17 Maintenance Automation 2023-10-05 16:29:19 UTC 
SUSE-SU-2023:3988-1: An update that solves 24 vulnerabilities, contains 10 features and has 64 security fixes can now be installed.

Category: security (important)
Bug References: 1023051, 1065729, 1120059, 1177719, 1187236, 1188885, 1193629, 1194869, 1203329, 1203330, 1205462, 1206453, 1208902, 1208949, 1208995, 1209284, 1209799, 1210048, 1210169, 1210448, 1210643, 1211220, 1212091, 1212142, 1212423, 1212526, 1212857, 1212873, 1213026, 1213123, 1213546, 1213580, 1213601, 1213666, 1213733, 1213757, 1213759, 1213916, 1213921, 1213927, 1213946, 1213949, 1213968, 1213970, 1213971, 1214000, 1214019, 1214073, 1214120, 1214149, 1214180, 1214233, 1214238, 1214285, 1214297, 1214299, 1214305, 1214350, 1214368, 1214370, 1214371, 1214372, 1214380, 1214386, 1214392, 1214393, 1214397, 1214404, 1214428, 1214451, 1214635, 1214659, 1214661, 1214727, 1214729, 1214742, 1214743, 1214756, 1214813, 1214873, 1214928, 1214976, 1214988, 1215123, 1215124, 1215148, 1215221, 1215523
CVE References: CVE-2022-38457, CVE-2022-40133, CVE-2023-1192, CVE-2023-1859, CVE-2023-2007, CVE-2023-20588, CVE-2023-2177, CVE-2023-34319, CVE-2023-3610, CVE-2023-37453, CVE-2023-3772, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4133, CVE-2023-4134, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-4387, CVE-2023-4459, CVE-2023-4563, CVE-2023-4569, CVE-2023-4881
Jira References: PED-2023, PED-2025, PED-3924, PED-4579, PED-4759, PED-4927, PED-4929, PED-5738, PED-6003, PED-6004
Sources used:
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.18.1, kernel-source-rt-5.14.21-150500.13.18.1
openSUSE Leap 15.5 (src): kernel-syms-rt-5.14.21-150500.13.18.1, kernel-livepatch-SLE15-SP5-RT_Update_5-1-150500.11.3.1, kernel-source-rt-5.14.21-150500.13.18.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_5-1-150500.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Maintenance Automation 2023-10-10 16:35:22 UTC 
SUSE-SU-2023:4030-1: An update that solves 13 vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1207036, 1208995, 1210169, 1210643, 1212703, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-23454, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_41-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Maintenance Automation 2023-10-12 12:46:26 UTC 
SUSE-SU-2023:4058-1: An update that solves 18 vulnerabilities, contains three features and has 71 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1187236, 1201284, 1202845, 1206453, 1208995, 1210169, 1210643, 1210658, 1212639, 1212703, 1213123, 1213534, 1213808, 1214022, 1214037, 1214040, 1214233, 1214351, 1214479, 1214543, 1214635, 1214813, 1214873, 1214928, 1214940, 1214941, 1214942, 1214943, 1214944, 1214945, 1214946, 1214947, 1214948, 1214949, 1214950, 1214951, 1214952, 1214953, 1214954, 1214955, 1214957, 1214958, 1214959, 1214961, 1214962, 1214963, 1214964, 1214965, 1214966, 1214967, 1214986, 1214988, 1214990, 1214991, 1214992, 1214993, 1214995, 1214997, 1214998, 1215115, 1215117, 1215123, 1215124, 1215148, 1215150, 1215221, 1215275, 1215322, 1215467, 1215523, 1215581, 1215752, 1215858, 1215860, 1215861, 1215875, 1215877, 1215894, 1215895, 1215896, 1215899, 1215911, 1215915, 1215916, 1215941, 1215956, 1215957
CVE References: CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-4155, CVE-2023-42753, CVE-2023-42754, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5345
Jira References: PED-1549, PED-2023, PED-2025
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Maintenance Automation 2023-10-17 16:30:20 UTC 
SUSE-SU-2023:4095-1: An update that solves 14 vulnerabilities and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1176588, 1202845, 1207036, 1207270, 1208995, 1210169, 1210643, 1210658, 1212703, 1213812, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299, 1215322, 1215356
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-23454, CVE-2023-4004, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_37-1-150300.7.5.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Manager Proxy 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Manager Retail Branch Server 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Manager Server 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Maintenance Automation 2023-10-20 12:30:08 UTC 
SUSE-SU-2023:4142-1: An update that solves 13 vulnerabilities and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1176588, 1202845, 1207270, 1208995, 1210169, 1210643, 1210658, 1212703, 1213812, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299, 1215322, 1215356
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-4004, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Robert Frohl 2024-05-06 12:39:18 UTC 
done, closing