Bug 1318172 (CVE-2016-3156) - CVE-2016-3156 kernel: ipv4: denial of service when destroying a network interface
Summary: CVE-2016-3156 kernel: ipv4: denial of service when destroying a network inter...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-3156
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1318270 1318271 1318272 1318688 1318689
Blocks: 1305558 1318173
TreeView+ depends on / blocked
 
Reported: 2016-03-16 08:42 UTC by Andrej Nemec
Modified: 2021-02-17 04:09 UTC (History)
31 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A security flaw was found in the Linux kernel's networking subsystem that destroying the network interface with huge number of ipv4 addresses assigned keeps "rtnl_lock" spinlock for a very long time (up to hour). This blocks many network-related operations, including creation of new incoming ssh connections. The problem is especially important for containers, as the container owner has enough permissions to trigger this and block a network access on a whole host, outside the container.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:49:44 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2574 0 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2016-11-03 12:06:10 UTC
Red Hat Product Errata RHSA-2016:2584 0 normal SHIPPED_LIVE Important: kernel-rt security, bug fix, and enhancement update 2016-11-03 12:08:49 UTC

Description Andrej Nemec 2016-03-16 08:42:56 UTC 
Destroy of network interface with huge number of ipv4 addresses
keeps rtnl_lock for a very long time (up to hour).
It blocks many network related operations,
including for example creation of new incoming ssh connections.

The problem is especially important for containers,
container owner have enough permission to enable this trigger
and then can block network access on whole host node.

Upstream fix:

http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2

References:

http://seclists.org/oss-sec/2016/q1/643

CVE assignment:

http://seclists.org/oss-sec/2016/q1/647
Comment 1 Vladis Dronov 2016-03-16 11:52:45 UTC 
Acknowledgements:

Name: the Virtuozzo kernel team, Solar Designer (Openwall)
Comment 2 Vladis Dronov 2016-03-16 11:56:57 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1318270]
Comment 8 Vladis Dronov 2016-03-16 13:48:03 UTC 
Statement:

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates, as the Linux containers which the flaw affects are not supported in these products. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.
Comment 11 Fedora Update System 2016-03-23 22:24:56 UTC 
kernel-4.4.6-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2016-03-23 23:59:41 UTC 
kernel-4.4.6-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2016-04-02 00:42:06 UTC 
kernel-4.5.0-302.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2016-04-02 15:49:52 UTC 
kernel-4.5.0-302.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 17 errata-xmlrpc 2016-11-03 16:11:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2574 https://rhn.redhat.com/errata/RHSA-2016-2574.html
Comment 18 errata-xmlrpc 2016-11-03 19:43:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2584 https://rhn.redhat.com/errata/RHSA-2016-2584.html
Comment 19 errata-xmlrpc 2016-11-03 21:33:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2574 https://rhn.redhat.com/errata/RHSA-2016-2574.html
Comment 20 errata-xmlrpc 2016-11-03 21:48:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2584 https://rhn.redhat.com/errata/RHSA-2016-2584.html
Note You need to log in before you can comment on or make changes to this bug.