CVE-2017-12153 CrOS: Vulnerability reported in Linux kernel
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2017-12153
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-12153
CVSS severity score: 6.8/10.0

Description:
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
Oct 5 2017
Upstream commit e785fa0a164aa ("nl80211: check for the required netlink attributes presence"). Affects all Chrome OS kernels. Also need to check if any parallel wireless stacks are affected.
Oct 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/90f76fb49cbf4f3f78dff6d9da0ed9794011740a

commit 90f76fb49cbf4f3f78dff6d9da0ed9794011740a
Author: Vladis Dronov <vdronov@redhat.com>
Date: Fri Oct 06 13:26:21 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

pre-cq-configs: mixed-wificell-pre-cq
BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702718
Reviewed-by: Brian Norris <briannorris@chromium.org>

[modify] https://crrev.com/90f76fb49cbf4f3f78dff6d9da0ed9794011740a/net/wireless/nl80211.c
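The missing check that the commit message above describes, modelled in user space as an added example (this is not the kernel patch and not code from this page): a netlink-style parser fills a table indexed by attribute type, and the handler rejects the request unless all three attributes are present. The attribute numbers, payload lengths, error codes and the names `parse_attrs`, `set_rekey_data` and `sample` are assumptions of the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Ids mirror NL80211_REKEY_DATA_*; values and lengths are model assumptions. */
enum { REKEY_KEK = 1, REKEY_KCK, REKEY_REPLAY_CTR, REKEY_MAX = REKEY_REPLAY_CTR };
static const size_t want_len[REKEY_MAX + 1] = { 0, 16, 16, 8 };
struct attr_hdr { uint16_t len, type; };        /* len includes this header */
struct rekey { uint8_t kek[16], kck[16], replay_ctr[8]; };
#define HDR sizeof(struct attr_hdr)
#define ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)

/* Constructed request, 52 bytes. Its first 32 bytes are a request without KCK. */
static const struct {
    struct attr_hdr h1; uint8_t kek[16]; struct attr_hdr h2; uint8_t ctr[8];
    struct attr_hdr h3; uint8_t kck[16];
} sample = { {20, REKEY_KEK}, {1}, {12, REKEY_REPLAY_CTR}, {2}, {20, REKEY_KCK}, {3} };

/* Walk the attribute stream; tb[type] stays NULL for anything not sent. */
static int parse_attrs(const uint8_t *buf, size_t n, const uint8_t **tb)
{
    for (size_t off = 0; off < n && n - off >= HDR; ) {
        struct attr_hdr h;
        memcpy(&h, buf + off, HDR);
        if (h.len < HDR || h.len > n - off)
            return -EINVAL;                     /* malformed or truncated */
        if (h.type >= 1 && h.type <= REKEY_MAX) {
            if (h.len - HDR != want_len[h.type])
                return -ERANGE;
            tb[h.type] = buf + off + HDR;
        }
        off += ALIGN4(h.len);
    }
    return 0;
}

/* Checked handler: 0 on success, -EINVAL when a required attribute is absent. */
int set_rekey_data(const void *buf, size_t n, struct rekey *out)
{
    const uint8_t *tb[REKEY_MAX + 1] = { NULL };
    int rc = parse_attrs(buf, n, tb);
    if (rc)
        return rc;
    /* Presence check: an omitted attribute is NULL in tb[], so never copy from it. */
    if (!tb[REKEY_REPLAY_CTR] || !tb[REKEY_KEK] || !tb[REKEY_KCK])
        return -EINVAL;
    memcpy(out->kek, tb[REKEY_KEK], sizeof(out->kek));
    memcpy(out->kck, tb[REKEY_KCK], sizeof(out->kck));
    memcpy(out->replay_ctr, tb[REKEY_REPLAY_CTR], sizeof(out->replay_ctr));
    return 0;
}

int main(void)
{
    struct rekey r;
    printf("KCK missing: %d\n", set_rekey_data(&sample, 32, &r));
    printf("complete:    %d\n", set_rekey_data(&sample, sizeof(sample), &r));
    return 0;
}
```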
Oct 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/38ea7fb00e5be3d83d71a264f54de2f719a1fe01

commit 38ea7fb00e5be3d83d71a264f54de2f719a1fe01
Author: Vladis Dronov <vdronov@redhat.com>
Date: Fri Oct 06 18:33:51 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

pre-cq-configs: mixed-wificell-pre-cq
BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702716
Reviewed-by: Brian Norris <briannorris@chromium.org>

[modify] https://crrev.com/38ea7fb00e5be3d83d71a264f54de2f719a1fe01/net/wireless/nl80211.c
Oct 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f4ce4c26290a34f98f0b9a6899ef9153b133bdc7

commit f4ce4c26290a34f98f0b9a6899ef9153b133bdc7
Author: Vladis Dronov <vdronov@redhat.com>
Date: Fri Oct 06 18:33:54 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

pre-cq-configs: mixed-wificell-pre-cq
BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702644
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>

[modify] https://crrev.com/f4ce4c26290a34f98f0b9a6899ef9153b133bdc7/net/wireless/nl80211.c
Oct 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7a4d129fdf8a31775118081b00f69efed19bd89b

commit 7a4d129fdf8a31775118081b00f69efed19bd89b
Author: Vladis Dronov <vdronov@redhat.com>
Date: Fri Oct 06 20:47:19 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702717
Reviewed-by: Brian Norris <briannorris@chromium.org>

[modify] https://crrev.com/7a4d129fdf8a31775118081b00f69efed19bd89b/net/wireless/nl80211.c
Oct 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a355fd481315459b8ae2ef4c6058789b91f1e270

commit a355fd481315459b8ae2ef4c6058789b91f1e270
Author: Vladis Dronov <vdronov@redhat.com>
Date: Fri Oct 06 20:47:15 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702714
Reviewed-by: Kirtika Ruchandani <kirtika@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>

[modify] https://crrev.com/a355fd481315459b8ae2ef4c6058789b91f1e270/net/wireless/nl80211.c
Oct 6 2017
Oct 7 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ce6ffcbcb62228e85f408f92969089e8e7ffadf4

commit ce6ffcbcb62228e85f408f92969089e8e7ffadf4
Author: Vladis Dronov <vdronov@redhat.com>
Date: Sat Oct 07 04:31:15 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

pre-cq-configs: mixed-wificell-pre-cq
BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702715
Reviewed-by: Brian Norris <briannorris@chromium.org>

[modify] https://crrev.com/ce6ffcbcb62228e85f408f92969089e8e7ffadf4/net/wireless/nl80211.c
Oct 7 2017
Oct 7 2017
This bug requires manual review: We are only 9 days from stable. Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 9 2017
Approved for 62.
Oct 9 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/fad11c99297553791c8f35354a89022de3ef2f2c

commit fad11c99297553791c8f35354a89022de3ef2f2c
Author: Vladis Dronov <vdronov@redhat.com>
Date: Mon Oct 09 19:26:06 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702714
Reviewed-by: Kirtika Ruchandani <kirtika@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
(cherry picked from commit a355fd481315459b8ae2ef4c6058789b91f1e270)
Reviewed-on: https://chromium-review.googlesource.com/707501

[modify] https://crrev.com/fad11c99297553791c8f35354a89022de3ef2f2c/net/wireless/nl80211.c
Oct 9 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/3c2643fe2f799beda45c8c24bef7eebc05e9f530

commit 3c2643fe2f799beda45c8c24bef7eebc05e9f530
Author: Vladis Dronov <vdronov@redhat.com>
Date: Mon Oct 09 19:26:11 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

pre-cq-configs: mixed-wificell-pre-cq
BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702716
Reviewed-by: Brian Norris <briannorris@chromium.org>
(cherry picked from commit 38ea7fb00e5be3d83d71a264f54de2f719a1fe01)
Reviewed-on: https://chromium-review.googlesource.com/707503

[modify] https://crrev.com/3c2643fe2f799beda45c8c24bef7eebc05e9f530/net/wireless/nl80211.c
Oct 9 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2617ba85b26e7f2b391f9dd998dbf48d1021bebe

commit 2617ba85b26e7f2b391f9dd998dbf48d1021bebe
Author: Vladis Dronov <vdronov@redhat.com>
Date: Mon Oct 09 19:26:15 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

pre-cq-configs: mixed-wificell-pre-cq
BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702644
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
(cherry picked from commit f4ce4c26290a34f98f0b9a6899ef9153b133bdc7)
Reviewed-on: https://chromium-review.googlesource.com/707500

[modify] https://crrev.com/2617ba85b26e7f2b391f9dd998dbf48d1021bebe/net/wireless/nl80211.c
Oct 9 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/55047abc47af7886f745e44204b34017e7673f01

commit 55047abc47af7886f745e44204b34017e7673f01
Author: Vladis Dronov <vdronov@redhat.com>
Date: Mon Oct 09 19:29:09 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

pre-cq-configs: mixed-wificell-pre-cq
BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702715
Reviewed-by: Brian Norris <briannorris@chromium.org>
(cherry picked from commit ce6ffcbcb62228e85f408f92969089e8e7ffadf4)
Reviewed-on: https://chromium-review.googlesource.com/707502

[modify] https://crrev.com/55047abc47af7886f745e44204b34017e7673f01/net/wireless/nl80211.c
Oct 9 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/683b70aeac5d44b2299453351d6d4ab8aece5348

commit 683b70aeac5d44b2299453351d6d4ab8aece5348
Author: Vladis Dronov <vdronov@redhat.com>
Date: Mon Oct 09 19:29:13 2017

UPSTREAM: nl80211: check for the required netlink attributes presence

nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

BUG= chromium:771932
TEST=Build and run

Change-Id: I0d6e494243637e3f0d067700ef93b7ef3f93e52a
References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit e785fa0a164aa)
Reviewed-on: https://chromium-review.googlesource.com/702717
Reviewed-by: Brian Norris <briannorris@chromium.org>
(cherry picked from commit 7a4d129fdf8a31775118081b00f69efed19bd89b)
Reviewed-on: https://chromium-review.googlesource.com/707504

[modify] https://crrev.com/683b70aeac5d44b2299453351d6d4ab8aece5348/net/wireless/nl80211.c
Oct 9 2017
Oct 9 2017
Oct 10 2017
Jan 16 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 27 2018
Comment 1 by groeck@chromium.org, Oct 5 2017
Labels: Security_Severity-Medium Security_Impact-Stable M-62 Pri-1
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)