Bug 1501215 (CVE-2017-12193) - CVE-2017-12193 kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-12193
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1501286 1502620 1502621 1502622 1502623 1502624 1502625 1502626 1502627 1508717
Blocks: 1501233
Reported: 2017-10-12 08:59 UTC by Adam Mariš
Modified: 2021-02-17 01:23 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:29:20 UTC
Embargoed:


Attachments
Proposed upstream patch (2.82 KB, patch)
2017-10-12 09:10 UTC, Adam Mariš


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2018:0151 | 0 | normal | SHIPPED_LIVE | Important: kernel security and bug fix update | 2018-01-25 16:17:48 UTC

Description Adam Mariš 2017-10-12 08:59:53 UTC
A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. The Red Hat Enterprise Linux 7 kernel had backported this functionality to the 3.10 kernels and was affected by this flaw. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in the assoc_array implementation. This did not affect all callers of the associative array code, only those that would try to dereference the assigned value; in that case a kernel panic will occur.

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea6789980fdaa610d7eb63602c746bf6ec70cd2b

Oss-security:
http://seclists.org/oss-sec/2017/q4/181

Comment 2 Adam Mariš 2017-10-12 09:10:39 UTC
Created attachment 1337630
Proposed upstream patch

Comment 4 Adam Mariš 2017-10-12 14:12:19 UTC
Acknowledgments:

Name: Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Shixiong Zhao (University of Hong Kong), Heming Cui (University of Hong Kong)

Comment 8 Wade Mealing 2017-10-16 11:07:54 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime kernels. Future Linux kernel updates for the respective releases may address this issue.

Comment 10 David Howells 2017-10-28 22:02:12 UTC
This is now public, commit ea6789980fdaa610d7eb63602c746bf6ec70cd2b in Linus's tree.

Comment 11 Wade Mealing 2017-11-02 03:05:55 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1508717]

Comment 12 errata-xmlrpc 2018-01-25 11:26:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151

