Bug 1010475 – VUL-0: CVE-2016-7914: kernel: Incomplete check in assoc_array_insert_into_terminal_node allowing for DoS or memory disclosure

Bug 1010475 - (CVE-2016-7914) VUL-0: CVE-2016-7914: kernel: Incomplete check in assoc_array_insert_into_terminal_node allowing for DoS or memory disclosure

(CVE-2016-7914)
Summary:	VUL-0: CVE-2016-7914: kernel: Incomplete check in assoc_array_insert_into_ter...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/176399/
Whiteboard:	CVSSv2:SUSE:CVE-2016-7914:5.4:(AV:L/A...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-11-16 13:23 UTC by Johannes Segitz
Modified:	2021-08-25 09:29 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-11-16 13:23:14 UTC

CVE-2016-7914

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the
Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows
local users to obtain sensitive information from kernel memory or cause a denial
of service (invalid pointer dereference and out-of-bounds read) via an
application that uses associative-array data structures, as demonstrated by the
keyutils test suite.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7914
https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2

Comment 1 Takashi Iwai 2016-11-16 14:38:46 UTC

SLE12-SP2/SP3, openSUSE-42.2: 4.4.9 already contains the fix.
openSUSE-42.1: 4.1.23 already contains the fix.

Comment 2 Takashi Iwai 2016-11-16 15:18:02 UTC

I backported to cve/linux-3.12 and openSUSE-13.2 branches, where the patch could be cleanly applied.

SLE11-SP4 and older have no lib/assoc_array.c, so they are not affected.

So now all branches are covered.

Comment 3 Swamp Workflow Management 2016-11-16 23:03:50 UTC

bugbot adjusting priority

Comment 4 Swamp Workflow Management 2016-12-08 19:08:18 UTC

openSUSE-SU-2016:3061-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1001486,1004517,1007615,1008833,1010040,1010150,1010467,1010475,1010478,1010501,1010502,1010711,1010716,1011685,1012754,934067,990384,993739,999577,999907
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2016-7042,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-7916,CVE-2016-8633,CVE-2016-8646,CVE-2016-8655,CVE-2016-9555
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.26.1, cloop-2.639-14.26.1, crash-7.0.8-26.1, hdjmod-1.28-18.27.1, ipset-6.23-26.1, kernel-debug-3.16.7-53.1, kernel-default-3.16.7-53.1, kernel-desktop-3.16.7-53.1, kernel-docs-3.16.7-53.2, kernel-ec2-3.16.7-53.1, kernel-obs-build-3.16.7-53.2, kernel-obs-qa-3.16.7-53.1, kernel-pae-3.16.7-53.1, kernel-source-3.16.7-53.1, kernel-syms-3.16.7-53.1, kernel-vanilla-3.16.7-53.1, kernel-xen-3.16.7-53.1, pcfclock-0.44-260.26.1, vhba-kmp-20140629-2.26.1, virtualbox-5.0.30-62.1, xen-4.4.4_05-55.1, xtables-addons-2.6-28.1

Comment 5 Swamp Workflow Management 2017-02-06 20:10:14 UTC

SUSE-SU-2017:0407-1: An update that solves 24 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1003813,1005666,1007197,1008557,1008567,1008831,1008833,1008876,1008979,1009062,1009969,1010040,1010213,1010294,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011685,1012060,1012422,1012754,1012917,1012985,1013001,1013038,1013479,1013531,1013533,1013540,1013604,1014410,1014746,1016713,1016725,1016961,1017164,1017170,1017410,1017710,1018100,1019032,1019148,1019260,1019300,1019783,1019851,1020214,1020602,1021258,856380,857394,858727,921338,921778,922052,922056,923036,923037,924381,938963,972993,980560,981709,983087,983348,984194,984419,985850,987192,987576,990384,991273,993739,997807,999101
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8645,CVE-2016-8655,CVE-2016-9083,CVE-2016-9084,CVE-2016-9555,CVE-2016-9576,CVE-2016-9756,CVE-2016-9793,CVE-2016-9794,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.69-60.30.1, kernel-compute_debug-3.12.69-60.30.1, kernel-rt-3.12.69-60.30.1, kernel-rt_debug-3.12.69-60.30.1, kernel-source-rt-3.12.69-60.30.1, kernel-syms-rt-3.12.69-60.30.1

Comment 6 Swamp Workflow Management 2017-02-14 23:11:44 UTC

SUSE-SU-2017:0464-1: An update that solves 19 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1003813,1005666,1007197,1008557,1008567,1008833,1008876,1008979,1009062,1009969,1010040,1010213,1010294,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1012060,1012422,1012917,1012985,1013001,1013038,1013479,1013531,1013540,1013542,1014410,1014746,1016713,1016725,1016961,1017164,1017170,1017410,1017589,1017710,1018100,1019032,1019148,1019260,1019300,1019783,1019851,1020214,1020602,1021258,856380,857394,858727,921338,921778,922052,922056,923036,923037,924381,938963,972993,980560,981709,983087,983348,984194,984419,985850,987192,987576,990384,991273,993739,997807,999101
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.69-60.64.29.3, kernel-obs-build-3.12.69-60.64.29.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1, kernel-source-3.12.69-60.64.29.1, kernel-syms-3.12.69-60.64.29.1, kernel-xen-3.12.69-60.64.29.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.69-60.64.29.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_12-1-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1, kernel-source-3.12.69-60.64.29.1, kernel-syms-3.12.69-60.64.29.1, kernel-xen-3.12.69-60.64.29.1

Comment 7 Swamp Workflow Management 2017-02-15 20:09:49 UTC

SUSE-SU-2017:0471-1: An update that solves 34 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1003153,1003925,1004462,1004517,1005666,1007197,1008833,1008979,1009969,1010040,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011820,1012422,1013038,1013531,1013540,1013542,1014746,1016482,1017410,1017589,1017710,1019300,1019851,1020602,1021258,881008,915183,958606,961257,970083,971989,976195,978094,980371,980560,981038,981597,981709,982282,982544,983619,983721,983977,984148,984419,984755,985978,986362,986365,986445,986569,986572,986811,986941,987542,987565,987576,989152,990384,991608,991665,993392,993890,993891,994296,994748,994881,995968,997708,998795,999584,999600,999932,999943
CVE References: CVE-2014-9904,CVE-2015-8956,CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-4470,CVE-2016-4998,CVE-2016-5696,CVE-2016-5828,CVE-2016-5829,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-8658,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.66.1

Comment 8 Marcus Meissner 2017-03-02 13:23:06 UTC

done