Bug 912429 - (CVE-2014-9428) VUL-0: CVE-2014-9428: kernel: remote denial of service via batman-adv module
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 13.2
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
Reported: 2015-01-09 10:09 UTC by Alexander Bergmann
Modified: 2015-04-22 11:36 UTC (History)
Description Alexander Bergmann 2015-01-09 10:09:31 UTC
Via rh#1178826:

A remote denial of service (kernel crash) when batman-adv module is in use was reported at [1].

Upstream commit that fixes this issue can be found here:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b

[1]: https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2014-November/012561.html

This does not affect any SUSE Linux Enterprise version as the batman-adv module is not part of the SLE distribution.

We need to validate this issue for openSUSE.
Comment 1 Michal Hocko 2015-01-09 14:08:26 UTC
no business for TD branches as the file has been added around 3.13
Comment 2 Swamp Workflow Management 2015-01-09 23:00:34 UTC
bugbot adjusting priority
Comment 3 Michal Marek 2015-01-19 13:15:27 UTC
According to the commit message, the bug had been introduced in commit 610bfc6b, which is 3.13. So only openSUSE 13.2 is affected.
Comment 4 Jiri Bohac 2015-02-04 15:56:00 UTC
Pushed to openSUSE-13.2.
Comment 5 Johannes Segitz 2015-03-25 14:36:57 UTC
will be in the next openSUSE kernel update
Comment 6 Swamp Workflow Management 2015-04-13 12:13:12 UTC
openSUSE-SU-2015:0713-1: An update that solves 13 vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 867199,893428,895797,900811,901925,903589,903640,904899,905681,907039,907818,907988,908582,908588,908589,908592,908593,908594,908596,908598,908603,908604,908605,908606,908608,908610,908612,909077,909078,909477,909634,910150,910322,910440,911311,911325,911326,911356,911438,911578,911835,912061,912202,912429,912705,913059,913466,913695,914175,915425,915454,915456,915577,915858,916608,917830,917839,918954,918970,919463,920581,920604,921313,922542,922944
CVE References: CVE-2014-8134,CVE-2014-8160,CVE-2014-8559,CVE-2014-9419,CVE-2014-9420,CVE-2014-9428,CVE-2014-9529,CVE-2014-9584,CVE-2014-9585,CVE-2015-0777,CVE-2015-1421,CVE-2015-1593,CVE-2015-2150
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.6.6, cloop-2.639-14.6.6, crash-7.0.8-6.6, hdjmod-1.28-18.7.6, ipset-6.23-6.6, kernel-docs-3.16.7-13.2, kernel-obs-build-3.16.7-13.7, kernel-obs-qa-3.16.7-13.1, kernel-obs-qa-xen-3.16.7-13.1, kernel-source-3.16.7-13.1, kernel-syms-3.16.7-13.1, pcfclock-0.44-260.6.2, vhba-kmp-20140629-2.6.2, virtualbox-4.3.20-10.2, xen-4.4.1_08-12.2, xtables-addons-2.6-6.2