Upstream information

CVE-2017-1000410 at MITRE

Description

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 5 3.3
Vector AV:N/AC:L/Au:N/C:P/I:N/A:N AV:A/AC:L/Au:N/C:P/I:N/A:N
Access Vector Network Adjacent Network
Access Complexity Low Low
Authentication None None
Confidentiality Impact Partial Partial
Integrity Impact None None
Availability Impact None None
CVSS v3 Scores
  SUSE
Base Score 2.4
Vector AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Access Vector Physical
Access Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact Low
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 1070535 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Openstack Cloud Magnum Orchestration 7
  • kernel-default >= 4.4.103-92.53.1
Patchnames:
SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-2141
SUSE CaaS Platform ALL
  • kernel-default >= 4.4.103-6.33.1
Patchnames:
SUSE-CAASP-ALL-2017-2129
SUSE Linux Enterprise Build System Kit 12 SP2
  • kernel-zfcpdump >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-BSK-12-SP2-2017-2141
SUSE Linux Enterprise Build System Kit 12 SP3
  • kernel-zfcpdump >= 4.4.103-6.33.1
Patchnames:
SUSE-SLE-BSK-12-SP3-2017-2129
SUSE Linux Enterprise Desktop 12 SP2
  • kernel-default >= 4.4.103-92.53.1
  • kernel-default-devel >= 4.4.103-92.53.1
  • kernel-default-extra >= 4.4.103-92.53.1
  • kernel-devel >= 4.4.103-92.53.1
  • kernel-macros >= 4.4.103-92.53.1
  • kernel-source >= 4.4.103-92.53.1
  • kernel-syms >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-DESKTOP-12-SP2-2017-2141
SUSE Linux Enterprise Desktop 12 SP3
  • kernel-default >= 4.4.103-6.33.1
  • kernel-default-devel >= 4.4.103-6.33.1
  • kernel-default-extra >= 4.4.103-6.33.1
  • kernel-devel >= 4.4.103-6.33.1
  • kernel-macros >= 4.4.103-6.33.1
  • kernel-source >= 4.4.103-6.33.1
  • kernel-syms >= 4.4.103-6.33.1
Patchnames:
SUSE-SLE-DESKTOP-12-SP3-2017-2129
SUSE Linux Enterprise High Availability 12 SP2
  • cluster-md-kmp-default >= 4.4.103-92.53.1
  • cluster-network-kmp-default >= 4.4.103-92.53.1
  • dlm-kmp-default >= 4.4.103-92.53.1
  • gfs2-kmp-default >= 4.4.103-92.53.1
  • kernel-default >= 4.4.103-92.53.1
  • ocfs2-kmp-default >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-HA-12-SP2-2017-2141
SUSE Linux Enterprise High Availability 12 SP3
  • cluster-md-kmp-default >= 4.4.103-6.33.1
  • dlm-kmp-default >= 4.4.103-6.33.1
  • gfs2-kmp-default >= 4.4.103-6.33.1
  • kernel-default >= 4.4.103-6.33.1
  • ocfs2-kmp-default >= 4.4.103-6.33.1
Patchnames:
SUSE-SLE-HA-12-SP3-2017-2129
SUSE Linux Enterprise High Availability 15
  • cluster-md-kmp-default >= 4.12.14-23.1
  • dlm-kmp-default >= 4.12.14-23.1
  • gfs2-kmp-default >= 4.12.14-23.1
  • ocfs2-kmp-default >= 4.12.14-23.1
Patchnames:
SUSE Linux Enterprise High Availability 15 GA cluster-md-kmp-default
SUSE Linux Enterprise Live Patching 12
  • kgraft-patch-4_4_103-92_53-default >= 1-3.3.1
  • kgraft-patch-SLE12-SP2_Update_16 >= 1-3.3.1
Patchnames:
SUSE-SLE-Live-Patching-12-2017-2141
SUSE Linux Enterprise Live Patching 12 SP3
  • kgraft-patch-4_4_103-6_33-default >= 1-4.3.1
  • kgraft-patch-SLE12-SP3_Update_6 >= 1-4.3.1
Patchnames:
SUSE-SLE-Live-Patching-12-SP3-2017-2129
SUSE Linux Enterprise Module for Basesystem 15
  • kernel-default >= 4.12.14-23.1
  • kernel-default-devel >= 4.12.14-23.1
  • kernel-devel >= 4.12.14-23.1
  • kernel-macros >= 4.12.14-23.1
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA kernel-default
SUSE Linux Enterprise Module for Development Tools 15
  • kernel-docs >= 4.12.14-23.1
  • kernel-obs-build >= 4.12.14-23.1
  • kernel-source >= 4.12.14-23.1
  • kernel-syms >= 4.12.14-23.1
  • kernel-vanilla-base >= 4.12.14-23.1
Patchnames:
SUSE Linux Enterprise Module for Development Tools 15 GA kernel-docs
SUSE Linux Enterprise Module for Legacy Software 15
  • reiserfs-kmp-default >= 4.12.14-23.1
Patchnames:
SUSE Linux Enterprise Module for Legacy Software 15 GA reiserfs-kmp-default
SUSE Linux Enterprise Module for Live Patching 15
  • kernel-default-livepatch >= 4.12.14-23.1
Patchnames:
SUSE Linux Enterprise Module for Live Patching 15 GA kernel-default-livepatch
SUSE Linux Enterprise Real Time Extension 12 SP2
  • cluster-md-kmp-rt >= 4.4.104-24.1
  • cluster-network-kmp-rt >= 4.4.104-24.1
  • dlm-kmp-rt >= 4.4.104-24.1
  • gfs2-kmp-rt >= 4.4.104-24.1
  • kernel-devel-rt >= 4.4.104-24.1
  • kernel-rt >= 4.4.104-24.1
  • kernel-rt-base >= 4.4.104-24.1
  • kernel-rt-devel >= 4.4.104-24.1
  • kernel-rt_debug >= 4.4.104-24.1
  • kernel-rt_debug-devel >= 4.4.104-24.1
  • kernel-source-rt >= 4.4.104-24.1
  • kernel-syms-rt >= 4.4.104-24.1
  • ocfs2-kmp-rt >= 4.4.104-24.1
Patchnames:
SUSE-SLE-RT-12-SP2-2018-145
SUSE Linux Enterprise Server 12 SP2
  • kernel-default >= 4.4.103-92.53.1
  • kernel-default-base >= 4.4.103-92.53.1
  • kernel-default-devel >= 4.4.103-92.53.1
  • kernel-default-man >= 4.4.103-92.53.1
  • kernel-devel >= 4.4.103-92.53.1
  • kernel-macros >= 4.4.103-92.53.1
  • kernel-source >= 4.4.103-92.53.1
  • kernel-syms >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-SERVER-12-SP2-2017-2141
SUSE Linux Enterprise Server 12 SP3
  • kernel-default >= 4.4.103-6.33.1
  • kernel-default-base >= 4.4.103-6.33.1
  • kernel-default-devel >= 4.4.103-6.33.1
  • kernel-default-man >= 4.4.103-6.33.1
  • kernel-devel >= 4.4.103-6.33.1
  • kernel-macros >= 4.4.103-6.33.1
  • kernel-source >= 4.4.103-6.33.1
  • kernel-syms >= 4.4.103-6.33.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-2017-2129
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • kernel-default >= 4.4.103-92.53.1
  • kernel-default-base >= 4.4.103-92.53.1
  • kernel-default-devel >= 4.4.103-92.53.1
  • kernel-devel >= 4.4.103-92.53.1
  • kernel-macros >= 4.4.103-92.53.1
  • kernel-source >= 4.4.103-92.53.1
  • kernel-syms >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-RPI-12-SP2-2017-2141
SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • kernel-default >= 4.4.103-92.53.1
  • kernel-default-base >= 4.4.103-92.53.1
  • kernel-default-devel >= 4.4.103-92.53.1
  • kernel-default-man >= 4.4.103-92.53.1
  • kernel-devel >= 4.4.103-92.53.1
  • kernel-macros >= 4.4.103-92.53.1
  • kernel-source >= 4.4.103-92.53.1
  • kernel-syms >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-SERVER-12-SP2-2017-2141
SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • kernel-default >= 4.4.103-6.33.1
  • kernel-default-base >= 4.4.103-6.33.1
  • kernel-default-devel >= 4.4.103-6.33.1
  • kernel-default-man >= 4.4.103-6.33.1
  • kernel-devel >= 4.4.103-6.33.1
  • kernel-macros >= 4.4.103-6.33.1
  • kernel-source >= 4.4.103-6.33.1
  • kernel-syms >= 4.4.103-6.33.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-2017-2129
SUSE Linux Enterprise Software Development Kit 12 SP2
  • kernel-docs >= 4.4.103-92.53.1
  • kernel-obs-build >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-SDK-12-SP2-2017-2141
SUSE Linux Enterprise Software Development Kit 12 SP3
  • kernel-docs >= 4.4.103-6.33.1
  • kernel-obs-build >= 4.4.103-6.33.1
Patchnames:
SUSE-SLE-SDK-12-SP3-2017-2129
SUSE Linux Enterprise Workstation Extension 12 SP2
  • kernel-default >= 4.4.103-92.53.1
  • kernel-default-extra >= 4.4.103-92.53.1
Patchnames:
SUSE-SLE-WE-12-SP2-2017-2141
SUSE Linux Enterprise Workstation Extension 12 SP3
  • kernel-default >= 4.4.103-6.33.1
  • kernel-default-extra >= 4.4.103-6.33.1
Patchnames:
SUSE-SLE-WE-12-SP3-2017-2129
SUSE Linux Enterprise Workstation Extension 15
  • kernel-default-extra >= 4.12.14-23.1
Patchnames:
SUSE Linux Enterprise Workstation Extension 15 GA kernel-default-extra
openSUSE Leap 15.0
  • kernel-default >= 4.12.14-lp150.11.4
  • kernel-vanilla-base >= 4.12.14-lp150.11.4
Patchnames:
openSUSE Leap 15.0 GA kernel-default
openSUSE Leap 42.2
  • kernel-debug >= 4.4.103-18.41.1
  • kernel-debug-base >= 4.4.103-18.41.1
  • kernel-debug-base-debuginfo >= 4.4.103-18.41.1
  • kernel-debug-debuginfo >= 4.4.103-18.41.1
  • kernel-debug-debugsource >= 4.4.103-18.41.1
  • kernel-debug-devel >= 4.4.103-18.41.1
  • kernel-debug-devel-debuginfo >= 4.4.103-18.41.1
  • kernel-default >= 4.4.103-18.41.1
  • kernel-default-base >= 4.4.103-18.41.1
  • kernel-default-base-debuginfo >= 4.4.103-18.41.1
  • kernel-default-debuginfo >= 4.4.103-18.41.1
  • kernel-default-debugsource >= 4.4.103-18.41.1
  • kernel-default-devel >= 4.4.103-18.41.1
  • kernel-devel >= 4.4.103-18.41.1
  • kernel-docs >= 4.4.103-18.41.1
  • kernel-docs-html >= 4.4.103-18.41.1
  • kernel-docs-pdf >= 4.4.103-18.41.1
  • kernel-macros >= 4.4.103-18.41.1
  • kernel-obs-build >= 4.4.103-18.41.1
  • kernel-obs-build-debugsource >= 4.4.103-18.41.1
  • kernel-obs-qa >= 4.4.103-18.41.1
  • kernel-source >= 4.4.103-18.41.1
  • kernel-source-vanilla >= 4.4.103-18.41.1
  • kernel-syms >= 4.4.103-18.41.1
  • kernel-vanilla >= 4.4.103-18.41.1
  • kernel-vanilla-base >= 4.4.103-18.41.1
  • kernel-vanilla-base-debuginfo >= 4.4.103-18.41.1
  • kernel-vanilla-debuginfo >= 4.4.103-18.41.1
  • kernel-vanilla-debugsource >= 4.4.103-18.41.1
  • kernel-vanilla-devel >= 4.4.103-18.41.1
Patchnames:
openSUSE-2017-1390
openSUSE Leap 42.3
  • kernel-debug >= 4.4.103-36.1
  • kernel-debug-base >= 4.4.103-36.1
  • kernel-debug-base-debuginfo >= 4.4.103-36.1
  • kernel-debug-debuginfo >= 4.4.103-36.1
  • kernel-debug-debugsource >= 4.4.103-36.1
  • kernel-debug-devel >= 4.4.103-36.1
  • kernel-debug-devel-debuginfo >= 4.4.103-36.1
  • kernel-default >= 4.4.103-36.1
  • kernel-default-base >= 4.4.103-36.1
  • kernel-default-base-debuginfo >= 4.4.103-36.1
  • kernel-default-debuginfo >= 4.4.103-36.1
  • kernel-default-debugsource >= 4.4.103-36.1
  • kernel-default-devel >= 4.4.103-36.1
  • kernel-devel >= 4.4.103-36.1
  • kernel-docs >= 4.4.103-36.1
  • kernel-docs-html >= 4.4.103-36.1
  • kernel-docs-pdf >= 4.4.103-36.1
  • kernel-macros >= 4.4.103-36.1
  • kernel-obs-build >= 4.4.103-36.1
  • kernel-obs-build-debugsource >= 4.4.103-36.1
  • kernel-obs-qa >= 4.4.103-36.1
  • kernel-source >= 4.4.103-36.1
  • kernel-source-vanilla >= 4.4.103-36.1
  • kernel-syms >= 4.4.103-36.1
  • kernel-vanilla >= 4.4.103-36.1
  • kernel-vanilla-base >= 4.4.103-36.1
  • kernel-vanilla-base-debuginfo >= 4.4.103-36.1
  • kernel-vanilla-debuginfo >= 4.4.103-36.1
  • kernel-vanilla-debugsource >= 4.4.103-36.1
  • kernel-vanilla-devel >= 4.4.103-36.1
  • kselftests-kmp-debug >= 4.4.103-36.1
  • kselftests-kmp-debug-debuginfo >= 4.4.103-36.1
  • kselftests-kmp-default >= 4.4.103-36.1
  • kselftests-kmp-default-debuginfo >= 4.4.103-36.1
  • kselftests-kmp-vanilla >= 4.4.103-36.1
  • kselftests-kmp-vanilla-debuginfo >= 4.4.103-36.1
Patchnames:
openSUSE-2017-1391


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s) Source package State
SUSE Linux Enterprise Desktop 12 SP2 kernel-source Released
SUSE Linux Enterprise Desktop 12 SP3 kernel-source Released
SUSE Linux Enterprise Server 11 SP4 kernel-source Not affected
SUSE Linux Enterprise Server 12 SP2 kernel-source Released
SUSE Linux Enterprise Server 12 SP3 kernel-source Released