Bug 1501215 - (CVE-2017-12193) CVE-2017-12193 kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20171102,repor...
Keywords: Security
Depends On: 1502622 1502626 1501286 1502620 1502621 1502623 1502624 1502625 1502627 1508717
Blocks: 1501233
Reported: 2017-10-12 04:59 EDT by Adam Mariš
Modified: 2018-08-28 18:23 EDT

Doc Text:
A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in the assoc_array implementation. This affects the keyring key type, and thus key addition and link creation operations may cause the kernel to panic.


Attachments
Proposed upstream patch (2.82 KB, patch)
2017-10-12 05:10 EDT, Adam Mariš


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0151 normal SHIPPED_LIVE Important: kernel security and bug fix update 2018-01-25 11:17:48 EST

Description Adam Mariš 2017-10-12 04:59:53 EDT
A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. The Red Hat Enterprise Linux 7 kernel had backported this functionality to the 3.10 kernels and was affected by this flaw. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in the assoc_array implementation. This did not affect all callers of the associative array code, only those that would try to dereference the assigned value; in that case, a kernel panic will occur.

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b

Oss-security:
http://seclists.org/oss-sec/2017/q4/181
Comment 2 Adam Mariš 2017-10-12 05:10 EDT
Created attachment 1337630
Proposed upstream patch
Comment 4 Adam Mariš 2017-10-12 10:12:19 EDT
Acknowledgments:

Name: Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Shixiong Zhao (University of Hong Kong), Heming Cui (University of Hong Kong)
Comment 8 Wade Mealing 2017-10-16 07:07:54 EDT
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime kernels. Future Linux kernel updates for the respective releases may address this issue.
Comment 10 David Howells 2017-10-28 18:02:12 EDT
This is now public, commit ea6789980fdaa610d7eb63602c746bf6ec70cd2b in Linus's tree.
Comment 11 Wade Mealing 2017-11-01 23:05:55 EDT
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1508717]
Comment 12 errata-xmlrpc 2018-01-25 06:26:15 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151
