Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1349722 - (CVE-2016-4997) CVE-2016-4997 kernel: compat IPT_SO_SET_REPLACE setsockopt
CVE-2016-4997 kernel: compat IPT_SO_SET_REPLACE setsockopt
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20160624,repo...
: Security
: IP6T_SO_SET_REPLACE (view as bug list)
Depends On: 1318693 1318694 1318695 1350769 1351030 1351031 1351032 1351033 1351034 1351035 1351036 1351037 1364809 1364810
Blocks: 1349713
  Show dependency treegraph
 
Reported: 2016-06-24 01:39 EDT by Wade Mealing
Modified: 2018-08-28 18:06 EDT (History)
38 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1847 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2016-09-15 07:38:04 EDT
Red Hat Product Errata RHSA-2016:1875 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2016-09-15 07:39:21 EDT
Red Hat Product Errata RHSA-2016:1883 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2016-09-14 23:41:02 EDT

  None (edit)
Description Wade Mealing 2016-06-24 01:39:32 EDT 
A flaw was discovered in processing setsockopt for 32 bit processes on
64 bit systems.  This flaw will allow attackers to alter arbitary kernel
memory when unloading a kernel module.  This action is usually restricted
to root-priveledged users but can also be leveraged if the kernel is
compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated priveledges.

This flaw was introduced in commit 52e804c6dfaa,


Upstream fixes

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968

Discussion on oss-sec:
http://www.openwall.com/lists/oss-security/2016/06/24/5
Comment 6 Andrej Nemec 2016-06-27 02:37:40 EDT 
Public via:

http://seclists.org/oss-sec/2016/q2/599
Comment 8 Wade Mealing 2016-06-28 04:27:32 EDT 
Statement:

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux  7, MRG-2 and realtime and will be addressed in a future update.
Comment 11 Adam Mariš 2016-06-28 07:02:24 EDT 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1350769]
Comment 18 Fedora Update System 2016-06-30 17:24:53 EDT 
kernel-4.6.3-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2016-07-19 03:19:46 EDT 
kernel-4.4.14-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 20 errata-xmlrpc 2016-09-14 19:43:39 EDT 
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2016:1883 https://rhn.redhat.com/errata/RHSA-2016-1883.html
Comment 21 errata-xmlrpc 2016-09-15 04:02:03 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1847 https://rhn.redhat.com/errata/RHSA-2016-1847.html
Comment 22 errata-xmlrpc 2016-09-15 04:11:10 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1875 https://rhn.redhat.com/errata/RHSA-2016-1875.html
Comment 23 Charlie Brady 2016-09-29 12:04:38 EDT 
Is the fix for RHEL6 still in the pipeline?  Am I right in understanding that network namespaces need to be enabled before the vulnerability is exploitable?
Comment 24 Petr Matousek 2016-10-10 07:01:51 EDT 
*** Bug 1383265 has been marked as a duplicate of this bug. ***
Comment 25 Wade Mealing 2016-10-13 03:30:16 EDT 
The fix for EL6 is not in the pipeline, it was my misunderstanding of the code that marked it vulnerable and I have corrected that understanding in the statement. Sorry for any confusion Charlie Brady.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.