Bug 1310570 (CVE-2016-4565)
| Field | Value |
|---|---|
| Summary | CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Adam Mariš <amaris> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | agordeev, anemec, aquini, bhu, cap, dhoward, dledford, esammons, fhrbata, gcturner, iboverma, jkacur, joelsmith, jross, kent, kernel-mgr, kstutsma, lgoncalv, lwang, matt, mcressma, mguzik, mrichter, nmurray, pholasek, plougher, pmatouse, rvrbovsk, security-response-team, slawomir, tgummels, vdronov, williams, wmealing, woodard |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Doc Text | A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as a bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or the RDMA Userspace Connection Manager Access module explicitly loaded could use this flaw to escalate their privileges on the system. |
| Last Closed | 2016-09-26 03:40:54 UTC |
| Bug Depends On | 1316685, 1332547, 1332548, 1332553, 1332558, 1332559, 1332560, 1332564, 1334219, 1336754, 1340792, 1340793, 1340794, 1340795, 1340796, 1340797 |
| Bug Blocks | 1310573, 1334220 |
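
A host-side check for the two exposure conditions named in the Doc Text (Infiniband hardware present, or the rdma_ucm module loaded), added here as an example; it is not Red Hat's tooling and not part of the original bug. The function names and status strings are assumptions of this example, and the module listing is a constructed sample.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2016-4565 based on the two conditions
# in the Doc Text. Paths are parameters so the logic can be exercised offline.

# module_loaded NAME [FILE]: true if NAME is in column 1 of a /proc/modules listing.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# ib_device_count [DIR]: number of InfiniBand devices registered in sysfs.
ib_device_count() {
    n=0
    for d in "${1:-/sys/class/infiniband}"/*; do
        if [ -e "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# exposure_status [MODULES_FILE] [SYSFS_DIR]: prints one status word.
exposure_status() {
    mod=no; hw=no
    if module_loaded rdma_ucm "${1:-/proc/modules}"; then mod=yes; fi
    if [ "$(ib_device_count "${2:-/sys/class/infiniband}")" -gt 0 ]; then hw=yes; fi
    case "$mod/$hw" in
        yes/yes) echo "exposed:rdma_ucm+hardware" ;;
        yes/no)  echo "exposed:rdma_ucm" ;;
        no/yes)  echo "exposed:hardware" ;;
        *)       echo "not-exposed" ;;
    esac
}

# Constructed /proc/modules sample (not taken from a real host).
SAMPLE_MODULES='rdma_ucm 22602 0 - Live 0xffffffffa0500000
rdma_cm 54426 1 rdma_ucm, Live 0xffffffffa04e0000
ib_core 88311 2 rdma_ucm,rdma_cm, Live 0xffffffffa04a0000'

demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_MODULES" > "$demo_dir/modules"
mkdir "$demo_dir/no_ib"
echo "sample host: $(exposure_status "$demo_dir/modules" "$demo_dir/no_ib")"
echo "this host:   $(exposure_status)"
```

A status other than `not-exposed` only means the preconditions from the Doc Text are met; whether the running kernel carries the fix is determined by the errata listed at the end of this bug.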
Description
Adam Mariš
2016-02-22 09:23:51 UTC
Acknowledgments:

Name: Jann Horn

Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Internal CVE assignment: CVE-2016-2189. This is Red Hat's private CVE ID and it was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

[later update] Please disregard ^^^. Since the flaw has gone public, MITRE has allocated another CVE-2016-4565 (http://seclists.org/oss-sec/2016/q2/274). Let's stick to using this.

*** Bug 1334217 has been marked as a duplicate of this bug. ***

(In reply to Adam Mariš from comment #5)
> Internal CVE assignment: CVE-2016-2189. This is Red Hat's private CVE ID and
> it was assigned to this security flaw. Please, use it in the public
> communications regarding this flaw, thank you.

CVE assigned a new CVE id to this issue as per http://seclists.org/oss-sec/2016/q2/274 . We're going to request CVE-2016-2189 to be rejected.

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1336754]

I'm curious, what kind of info is needed? There is an Important vulnerability and a patch. It's been, depending on how you measure, a month with no action...

(In reply to Peter K from comment #17)
> It's been, depending on how you measure, a month with no action...

We are currently planning to include the fixes for this issue in one of the upcoming regular kernel updates for the respective releases. If you need the fix earlier, please contact Red Hat Support (https://www.redhat.com/en/services/support) and request a hotfix and/or kpatch hotfix if eligible.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2016:1277 https://access.redhat.com/errata/RHSA-2016:1277

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2016:1301 https://access.redhat.com/errata/RHSA-2016:1301

This issue has been addressed in the following products:
  MRG for RHEL-6 v.2
Via RHSA-2016:1341 https://access.redhat.com/errata/RHSA-2016:1341

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
Via RHSA-2016:1406 https://access.redhat.com/errata/RHSA-2016:1406

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6.7 Extended Update Support
Via RHSA-2016:1489 https://rhn.redhat.com/errata/RHSA-2016-1489.html

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6.4 Advanced Update Support
Via RHSA-2016:1581 https://rhn.redhat.com/errata/RHSA-2016-1581.html

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6.2 Advanced Update Support
Via RHSA-2016:1617 https://rhn.redhat.com/errata/RHSA-2016-1617.html

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6.6 Extended Update Support
Via RHSA-2016:1640 https://rhn.redhat.com/errata/RHSA-2016-1640.html

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.1 Extended Update Support
Via RHSA-2016:1657 https://rhn.redhat.com/errata/RHSA-2016-1657.html

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6.5 Advanced Update Support
Via RHSA-2016:1814 https://rhn.redhat.com/errata/RHSA-2016-1814.html