Bug 1008842 (CVE-2016-9191)

Summary: VUL-1: CVE-2016-9191: kernel: local DoS with cgroup offline code
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: astieger, bpetkov, meissner, mhocko, security-team, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/174733/
Whiteboard: CVSSv2:SUSE:CVE-2016-9191:4.7:(AV:L/AC:M/Au:N/C:N/I:N/A:C) CVSSv3.1:SUSE:CVE-2016-9191:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Sebastian Krahmer 2016-11-07 10:27:22 UTC 
Quoting oss-sec:

A malicious user who can run an arbitrary image with a non-privileged user
in a Container-as-a-service cloud environment could use the exploit to
deadlock the container nodes to deny the service for other users.

This is confirmed to affect the latest mainline kernel (4.9-rc3) using this
kernel config, http://people.redhat.com/qcai/tmp/config-god-4.9rc2
and as old as v3.17. RHEL 7.3 kernel is not affected.


CVE-2016-9191


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9191
http://seclists.org/oss-sec/2016/q4/346
Comment 2 Swamp Workflow Management 2016-11-07 23:02:13 UTC 
bugbot adjusting priority
Comment 4 Michal Hocko 2016-11-22 07:47:30 UTC 
I am sorry but I am not that familiar with cpuset cgroup controller. So we have to wait for the upstream fix.
Comment 6 Michal Hocko 2017-03-01 13:22:25 UTC 
SLE12-SP[12] already have the fix from stable so I guess we are done here?
Comment 7 Marcus Meissner 2017-03-01 13:36:44 UTC 
can you tag the stable commits in git with this bug and CVE?
Comment 8 Michal Hocko 2017-03-01 13:57:34 UTC 
Done
Comment 9 Swamp Workflow Management 2017-04-01 13:11:52 UTC 
openSUSE-SU-2017:0907-1: An update that solves 11 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1007959,1007962,1008842,1011913,1012910,1013994,1015609,1017461,1017641,1018263,1018419,1019163,1019618,1020048,1022785,1023866,1024015,1025235,1025683,1026405,1026462,1026505,1026509,1026692,1026722,1027054,1027066,1027179,1027189,1027190,1027195,1027273,1027565,1027575,1028017,1028041,1028158,1028217,1028325,1028372,1028415,1028819,1028895,1029220,1029986,1030573,1030575,951844,968697,969755,982783,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-9191,CVE-2017-2596,CVE-2017-2636,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.57-18.3.1, kernel-default-4.4.57-18.3.1, kernel-docs-4.4.57-18.3.2, kernel-obs-build-4.4.57-18.3.1, kernel-obs-qa-4.4.57-18.3.1, kernel-source-4.4.57-18.3.1, kernel-syms-4.4.57-18.3.1, kernel-vanilla-4.4.57-18.3.1
Comment 10 Swamp Workflow Management 2017-05-05 13:12:07 UTC 
SUSE-SU-2017:1183-1: An update that solves 16 vulnerabilities and has 69 fixes is now available.

Category: security (important)
Bug References: 1007959,1007962,1008842,1010032,1011913,1012382,1012910,1013994,1014136,1015609,1017461,1017641,1018263,1018419,1019163,1019614,1019618,1020048,1021762,1022340,1022785,1023866,1024015,1025683,1026024,1026405,1026462,1026505,1026509,1026692,1026722,1027054,1027066,1027153,1027179,1027189,1027190,1027195,1027273,1027616,1028017,1028027,1028041,1028158,1028217,1028325,1028415,1028819,1028895,1029220,1029514,1029634,1029986,1030118,1030213,1031003,1031052,1031200,1031206,1031208,1031440,1031481,1031579,1031660,1031662,1031717,1031831,1032006,1032673,1032681,897662,951844,968697,969755,970083,977572,977860,978056,980892,981634,982783,987899,988281,991173,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-9191,CVE-2017-2596,CVE-2017-2671,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7374
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.59-92.17.3
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.59-92.17.8, kernel-obs-build-4.4.59-92.17.3
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.59-92.17.3, kernel-source-4.4.59-92.17.2, kernel-syms-4.4.59-92.17.2
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.59-92.17.3, kernel-source-4.4.59-92.17.2, kernel-syms-4.4.59-92.17.2
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_7-1-2.3
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.59-92.17.3
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.59-92.17.3, kernel-source-4.4.59-92.17.2, kernel-syms-4.4.59-92.17.2
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.59-92.17.3
Comment 11 Swamp Workflow Management 2017-05-19 16:11:05 UTC 
SUSE-SU-2017:1360-1: An update that solves 30 vulnerabilities and has 72 fixes is now available.

Category: security (important)
Bug References: 1003077,1008842,1009682,1012620,1012985,1015703,1015787,1015821,1017512,1018100,1018263,1018419,1018446,1019168,1019514,1020048,1020795,1021256,1021374,1021762,1021913,1022559,1022971,1023164,1023207,1023377,1023762,1023824,1023888,1023992,1024081,1024234,1024309,1024508,1024788,1025039,1025235,1025354,1025802,1026024,1026722,1026914,1027066,1027178,1027189,1027190,1027974,1028041,1028415,1028595,1028648,1028895,1029470,1029850,1029986,1030118,1030213,1030593,1030901,1031003,1031052,1031080,1031440,1031567,1031579,1031662,1031842,1032125,1032141,1032344,1032345,1033336,1034670,103470,1034700,1035576,1035699,1035738,1035877,1036752,1038261,799133,857926,914939,917630,922853,930399,931620,937444,940946,954763,968697,970083,971933,979215,982783,983212,984530,985561,988065,989056,993832
CVE References: CVE-2015-1350,CVE-2016-10044,CVE-2016-10200,CVE-2016-10208,CVE-2016-2117,CVE-2016-3070,CVE-2016-5243,CVE-2016-7117,CVE-2016-9191,CVE-2016-9588,CVE-2016-9604,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5897,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7616,CVE-2017-7645,CVE-2017-8106
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.74-60.64.40.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.74-60.64.40.4, kernel-obs-build-3.12.74-60.64.40.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.74-60.64.40.1, kernel-source-3.12.74-60.64.40.1, kernel-syms-3.12.74-60.64.40.1, kernel-xen-3.12.74-60.64.40.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.40.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_15-1-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.74-60.64.40.1, kernel-source-3.12.74-60.64.40.1, kernel-syms-3.12.74-60.64.40.1, kernel-xen-3.12.74-60.64.40.1
Comment 12 Swamp Workflow Management 2017-07-28 13:11:58 UTC 
SUSE-SU-2017:1990-1: An update that solves 43 vulnerabilities and has 282 fixes is now available.

Category: security (important)
Bug References: 1000092,1003077,1003581,1004003,1007729,1007959,1007962,1008842,1009674,1009718,1010032,1010612,1010690,1011044,1011176,1011913,1012060,1012382,1012422,1012452,1012829,1012910,1012985,1013001,1013561,1013792,1013887,1013994,1014120,1014136,1015342,1015367,1015452,1015609,1016403,1017164,1017170,1017410,1017461,1017641,1018100,1018263,1018358,1018385,1018419,1018446,1018813,1018885,1018913,1019061,1019148,1019163,1019168,1019260,1019351,1019594,1019614,1019618,1019630,1019631,1019784,1019851,1020048,1020214,1020412,1020488,1020602,1020685,1020817,1020945,1020975,1021082,1021248,1021251,1021258,1021260,1021294,1021424,1021455,1021474,1021762,1022181,1022266,1022304,1022340,1022429,1022476,1022547,1022559,1022595,1022785,1022971,1023101,1023175,1023287,1023762,1023866,1023884,1023888,1024015,1024081,1024234,1024508,1024938,1025039,1025235,1025461,1025683,1026024,1026405,1026462,1026505,1026509,1026570,1026692,1026722,1027054,1027066,1027101,1027153,1027179,1027189,1027190,1027195,1027273,1027512,1027565,1027616,1027974,1028017,1028027,1028041,1028158,1028217,1028310,1028325,1028340,1028372,1028415,1028819,1028883,1028895,1029220,1029514,1029607,1029634,1029986,1030057,1030070,1030118,1030213,1030573,1031003,1031040,1031052,1031142,1031147,1031200,1031206,1031208,1031440,1031470,1031500,1031512,1031555,1031579,1031662,1031717,1031796,1031831,1032006,1032141,1032339,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033287,1033336,1033340,1033885,1034048,1034419,1034635,1034670,1034671,1034762,1034902,1034995,1035024,1035866,1035887,1035920,1035922,1036214,1036638,1036752,1036763,1037177,1037186,1037384,1037483,1037669,1037840,1037871,1037969,1038033,1038043,1038085,1038142,1038143,1038297,1038458,1038544,1038842,1038843,1038846,1038847,1038848,1038879,1038981,1038982,1039348,1039354,1039700,1039864,1039882,1039883,1039885,1039900,1040069,1040125,1040182,1040279,1040351,1040364,1040395,1040425,1040463,1040567,1040609,1040855,1040929,1040941,1041087,1041160,1041168,1041242,1041431,1041810,1042200,1042286,1042356,1042421,1042517,1042535,1042536,1042863,1042886,1043014,1043231,1043236,1043347,1043371,1043467,1043488,1043598,1043912,1043935,1043990,1044015,1044082,1044120,1044125,1044532,1044767,1044772,1044854,1044880,1044912,1045154,1045235,1045286,1045307,1045340,1045467,1045568,1046105,1046434,1046589,799133,863764,870618,922871,951844,966170,966172,966191,966321,966339,968697,969479,969755,970083,971975,982783,985561,986362,986365,987192,987576,988065,989056,989311,990058,990682,991273,993832,995542,995968,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-4997,CVE-2016-4998,CVE-2016-7117,CVE-2016-9191,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-2671,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7346,CVE-2017-7374,CVE-2017-7487,CVE-2017-7616,CVE-2017-7618,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.74-7.10.1, kernel-rt_debug-4.4.74-7.10.1, kernel-source-rt-4.4.74-7.10.1, kernel-syms-rt-4.4.74-7.10.1
Comment 13 Marcus Meissner 2017-10-24 09:13:44 UTC 
released