|Summary:||CVE-2014-0069 kernel: cifs: incorrect handling of bogus user pointers during uncached writes|
|Product:||[Other] Security Response||Reporter:||Petr Matousek <pmatouse>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||agordeev, anton, aquini, bhu, dhoward, esammons, fhrbata, gbarros, iboverma, jkacur, jkurik, jlayton, jross, kernel-mgr, lgoncalv, lwang, matt, mcressma, npajkovs, pholasek, security-response-team, sprabhu, williams|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2014-04-28 17:38:47 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1062578, 1062584, 1062585, 1062588, 1062590, 1065668, 1065669, 1065670|
Description Petr Matousek 2014-02-12 10:02:40 UTC
A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev() during uncached writes. An unprivileged local user with access to cifs share could use this flaw to crash the system or leak kernel memory. Privilege escalation cannot be ruled out (since memory corruption is involved), but is unlikely. The default cache settings for cifs mounts on Red Hat Enterprise Linux prohibit successful exploitation of this issue. Acknowledgements: Red Hat would like to thank Al Viro for reporting this issue.
Comment 3 Vincent Danen 2014-02-14 17:05:59 UTC
Patches have been reported to the linux-cifs mailing list: http://article.gmane.org/gmane.linux.kernel.cifs/9401 http://article.gmane.org/gmane.linux.kernel.cifs/9402 The CVE has not been mentioned in the patches, however. Only the first patch is required to fix the flaw. The second patch is to ensure that this does not get hit again in the future by adding extra protection.
Comment 6 Fedora Update System 2014-02-17 21:02:19 UTC
kernel-3.12.11-201.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2014-02-17 21:05:45 UTC
kernel-3.13.3-201.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Petr Matousek 2014-03-05 06:45:00 UTC
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5.
Comment 9 errata-xmlrpc 2014-04-01 08:23:42 UTC
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0328 https://rhn.redhat.com/errata/RHSA-2014-0328.html