Bug 1354525 (CVE-2016-6327) - CVE-2016-6327 kernel: infiniband: Kernel crash by sending ABORT_TASK command
Summary: CVE-2016-6327 kernel: infiniband: Kernel crash by sending ABORT_TASK command
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-6327
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Engineering1342604 Engineering1368307 Engineering1368308 Engineering1368309 Engineering1368310 Engineering1368311
Blocks: Embargoed1354527
TreeView+ depends on / blocked
 
Reported: 2016-07-11 13:40 UTC by Adam Mariš
Modified: 2021-02-17 03:37 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:56:09 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2574 0 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2016-11-03 12:06:10 UTC
Red Hat Product Errata RHSA-2016:2584 0 normal SHIPPED_LIVE Important: kernel-rt security, bug fix, and enhancement update 2016-11-03 12:08:49 UTC

Description Adam Mariš 2016-07-11 13:40:33 UTC 
System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.

There were multiple areas in which aborting a scsi command are able to be handled, moving this to the correct location in the state machine ensured that this condition was never triggered through this code path.\

The null pointer situation was enabled via a non attacker controlled memset, and this is not a use after free.

Product bug:

Engineeringhttps://bugzilla.redhat.com/show_bug.cgi?id=1342604

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51093254bf87

http://seclists.org/oss-sec/2016/q3/334
Comment 4 Wade Mealing 2016-08-19 04:06:39 UTC 
Statement:

This issue affects Red Hat Enterprise Linux 7 and MRG-2 kernels and will be addressed in a future update.  This issue does not affect Red Hat Enterprise Linux 5 and 6 systems.
Comment 7 errata-xmlrpc 2016-11-03 17:06:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2574 https://rhn.redhat.com/errata/RHSA-2016-2574.html
Comment 8 errata-xmlrpc 2016-11-03 19:54:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2584 https://rhn.redhat.com/errata/RHSA-2016-2584.html
Comment 9 errata-xmlrpc 2016-11-03 21:36:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2574 https://rhn.redhat.com/errata/RHSA-2016-2574.html
Comment 10 errata-xmlrpc 2016-11-03 21:44:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2584 https://rhn.redhat.com/errata/RHSA-2016-2584.html
Note You need to log in before you can comment on or make changes to this bug.