Bug 911325 (CVE-2014-9420)

Summary: VUL-0: CVE-2014-9420: kernel-source: fs: isofs: infinite loop in CE record entries
Product: [Novell Products] SUSE Security Incidents Reporter: Victor Pereira <vpereira>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: mhocko, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/111836/
Whiteboard: CVSSv2:SUSE:CVE-2014-9728:1.9:(AV:L/AC:M/Au:N/C:P/I:N/A:N) maint:released:sle10-sp3:60432 maint:released:sle10-sp4:61438 maint:released:sle10-sp4:61439 maint:released:sle11-sp1:60464 maint:released:sle11-sp1:60689 maint:released:sle11-sp1:60690 maint:released:sle11-sp1:60691 maint:released:sle11-sp3:60951 maint:released:sle11-sp3:60952 maint:released:sle11-sp3:60953 maint:released:sle11-sp3:60954 maint:released:sle11-sp3:60955 maint:released:sle11-sp3:60956 maint:released:sle11-sp3:60957 maint:released:sle11-sp3:60958 maint:released:sle11-sp3:60959 maint:released:sle11-sp3:61403
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Victor Pereira 2014-12-29 09:25:36 UTC 
CVE-2014-9420

The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1
does not restrict the number of Rock Ridge continuation entries, which allows
local users to cause a denial of service (infinite loop, and system crash or
hang) via a crafted iso9660 image.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1175235
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9420
http://www.openwall.com/lists/oss-security/2014/12/25/4
http://www.cvedetails.com/cve/CVE-2014-9420/
https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d
Comment 1 Michal Hocko 2014-12-29 10:28:32 UTC 
pushed to SLE11-SP1-TD and SLES10-SP3-TD branches.
Comment 2 Swamp Workflow Management 2014-12-29 23:00:13 UTC 
bugbot adjusting priority
Comment 3 Jan Kara 2015-01-06 22:00:24 UTC 
I've pushed the fix (and also couple of other UDF and iso9660 fixes which will likely get CVEs soon as well) to SLE12, openSUSE-13.2, openSUSE-13.1, SLE11-SP3, SLE11-SP2-LTSS, and SLE11-SP1-LTSS branches. SLE10 backports will come tomorrow.
Comment 4 Jan Kara 2015-01-07 10:41:20 UTC 
OK, SLES10-SP4-LTSS, SLES10_SP3_LTSS, and SLES10_SP2_LTSS branches now have backports as well. So everything should be done from my end. Reassigning to security-team.
Comment 6 Swamp Workflow Management 2015-01-28 13:54:03 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-02-04.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60426
Comment 8 Swamp Workflow Management 2015-01-28 14:11:26 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-02-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60430
Comment 9 Swamp Workflow Management 2015-01-30 10:15:35 UTC 
SUSE-SU-2015:0178-1: An update that solves 5 vulnerabilities and has 59 fixes is now available.

Category: security (important)
Bug References: 800255,809493,829110,856659,862374,873252,875220,884407,887108,887597,889192,891086,891277,893428,895387,895814,902232,902346,902349,903279,903640,904053,904177,904659,904969,905087,905100,906027,906140,906545,907069,907325,907536,907593,907714,907818,907969,907970,907971,907973,908057,908163,908198,908803,908825,908904,909077,909092,909095,909829,910249,910697,911181,911325,912129,912278,912281,912290,912514,912705,912946,913233,913387,913466
CVE References: CVE-2014-3687,CVE-2014-3690,CVE-2014-8559,CVE-2014-9420,CVE-2014-9585
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.36-38.3, kernel-obs-build-3.12.36-38.2
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.36-38.1, kernel-syms-3.12.36-38.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.36-38.1, kernel-syms-3.12.36-38.1
Comment 10 Swamp Workflow Management 2015-02-26 09:56:38 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-03-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60808
Comment 11 Swamp Workflow Management 2015-03-24 06:19:55 UTC 
SUSE-SU-2015:0581-1: An update that solves 21 vulnerabilities and has 67 fixes is now available.

Category: security (important)
Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250
CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-ec2-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.7, gfs2-2-0.17.1.7, ocfs2-1.6-0.21.1.7
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-source-3.0.101-0.47.50.1, kernel-syms-3.0.101-0.47.50.1, kernel-trace-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1, xen-4.2.5_04-0.7.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.47.50.1, kernel-default-3.0.101-0.47.50.1, kernel-pae-3.0.101-0.47.50.1, kernel-ppc64-3.0.101-0.47.50.1, kernel-xen-3.0.101-0.47.50.1
Comment 12 Swamp Workflow Management 2015-04-02 00:11:07 UTC 
SUSE-SU-2015:0652-1: An update that solves 17 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 771619,833820,846404,857643,875051,885077,891211,892235,896390,896391,896779,899338,902346,902349,902351,904700,905100,905312,907822,908870,911325,912654,912705,912916,913059,915335,915826
CVE References: CVE-2010-5313,CVE-2012-6657,CVE-2013-4299,CVE-2013-7263,CVE-2014-0181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-7841,CVE-2014-7842,CVE-2014-8160,CVE-2014-8709,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    kernel-default-2.6.32.59-0.19.1, kernel-ec2-2.6.32.59-0.19.1, kernel-pae-2.6.32.59-0.19.1, kernel-source-2.6.32.59-0.19.1, kernel-syms-2.6.32.59-0.19.1, kernel-trace-2.6.32.59-0.19.1, kernel-xen-2.6.32.59-0.19.1, xen-4.0.3_21548_18-0.9.17
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.19.1, kernel-pae-2.6.32.59-0.19.1, kernel-xen-2.6.32.59-0.19.1
Comment 13 Marcus Meissner 2015-04-08 12:33:12 UTC 
released i think
Comment 14 Swamp Workflow Management 2015-04-13 12:11:42 UTC 
openSUSE-SU-2015:0713-1: An update that solves 13 vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 867199,893428,895797,900811,901925,903589,903640,904899,905681,907039,907818,907988,908582,908588,908589,908592,908593,908594,908596,908598,908603,908604,908605,908606,908608,908610,908612,909077,909078,909477,909634,910150,910322,910440,911311,911325,911326,911356,911438,911578,911835,912061,912202,912429,912705,913059,913466,913695,914175,915425,915454,915456,915577,915858,916608,917830,917839,918954,918970,919463,920581,920604,921313,922542,922944
CVE References: CVE-2014-8134,CVE-2014-8160,CVE-2014-8559,CVE-2014-9419,CVE-2014-9420,CVE-2014-9428,CVE-2014-9529,CVE-2014-9584,CVE-2014-9585,CVE-2015-0777,CVE-2015-1421,CVE-2015-1593,CVE-2015-2150
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.6.6, cloop-2.639-14.6.6, crash-7.0.8-6.6, hdjmod-1.28-18.7.6, ipset-6.23-6.6, kernel-docs-3.16.7-13.2, kernel-obs-build-3.16.7-13.7, kernel-obs-qa-3.16.7-13.1, kernel-obs-qa-xen-3.16.7-13.1, kernel-source-3.16.7-13.1, kernel-syms-3.16.7-13.1, pcfclock-0.44-260.6.2, vhba-kmp-20140629-2.6.2, virtualbox-4.3.20-10.2, xen-4.4.1_08-12.2, xtables-addons-2.6-6.2
Comment 15 Swamp Workflow Management 2015-04-13 12:18:35 UTC 
openSUSE-SU-2015:0714-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 903640,904899,907988,909078,910150,911325,911326,912202,912654,912705,913059,913695,914175,915322,917839,920901
CVE References: CVE-2014-7822,CVE-2014-8134,CVE-2014-8160,CVE-2014-8173,CVE-2014-8559,CVE-2014-9419,CVE-2014-9420,CVE-2014-9529,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.19.1, crash-7.0.2-2.19.1, hdjmod-1.28-16.19.1, ipset-6.21.1-2.23.1, iscsitarget-1.4.20.3-13.19.1, kernel-docs-3.11.10-29.2, kernel-source-3.11.10-29.1, kernel-syms-3.11.10-29.1, ndiswrapper-1.58-19.1, pcfclock-0.44-258.19.1, vhba-kmp-20130607-2.20.1, virtualbox-4.2.28-2.28.1, xen-4.3.3_04-37.1, xtables-addons-2.3-2.19.1
Comment 16 Swamp Workflow Management 2015-04-20 19:20:29 UTC 
SUSE-SU-2015:0736-1: An update that solves 21 vulnerabilities and has 69 fixes is now available.

Category: security (important)
Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910251,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250,924282
CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.28.1.14, drbd-kmp-8.4.4-0.23.1.14, iscsitarget-1.4.20-0.39.1.14, kernel-rt-3.0.101.rt130-0.33.36.1, kernel-rt_trace-3.0.101.rt130-0.33.36.1, kernel-source-rt-3.0.101.rt130-0.33.36.1, kernel-syms-rt-3.0.101.rt130-0.33.36.1, lttng-modules-2.1.1-0.12.1.13, ocfs2-1.6-0.21.1.14, ofed-1.5.4.1-0.14.1.14
Comment 17 Swamp Workflow Management 2015-04-30 19:16:36 UTC 
SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available.

Category: security (important)
Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325
CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1