CVE: CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS

Bug #1969605 reported by Yue Tao
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Jiping Ma

Bug Description

CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS

Score:
9.0: AV:N/AC:L/Au:S/C:C/I:C/A:C

Description:

CVE-2022-0435 A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0435
https://access.redhat.com/security/cve/CVE-2022-0435
The CVE has been fixed by Linux yocto kernel 5.10.102
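
An added triage example (not part of the original report and not StarlingX code): it compares a kernel release string against the 5.10.102 fix version given above and checks whether the `tipc` module is loaded. It assumes a linux-yocto 5.10 kernel; vendor kernels that backport fixes cannot be judged by version string. The function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added triage example for CVE-2022-0435; not StarlingX project code.
FIXED="5.10.102"   # fix version stated in this bug report (linux-yocto 5.10)

# version_lt A B: succeed when dotted version A sorts strictly before B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# base_version RELEASE: drop the local suffix (5.10.99-rt-amd64 -> 5.10.99).
base_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+(\.[0-9]+)?).*/\1/'
}

# tipc_loaded TEXT: succeed when /proc/modules-format TEXT lists tipc.
tipc_loaded() {
    printf '%s\n' "$1" | grep -q '^tipc '
}

# assess RELEASE MODULES_TEXT: print a one-word verdict.
assess() {
    base=$(base_version "$1")
    case "$base" in
        5.10|5.10.*) ;;
        *) echo "unknown-series"; return 0 ;;   # page gives no fix version
    esac
    if ! version_lt "$base" "$FIXED"; then
        echo "patched"
    elif tipc_loaded "$2"; then
        echo "vulnerable-tipc-loaded"
    else
        echo "unpatched-tipc-not-loaded"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_MODULES='tipc 307200 0 - Live 0x0000000000000000
ip6_udp_tunnel 16384 1 tipc, Live 0x0000000000000000'
echo "sample: $(assess '5.10.99-rt-amd64' "$SAMPLE_MODULES")"
echo "host:   $(assess "$(uname -r)" "$(cat /proc/modules 2>/dev/null)")"
```

A host reporting `unpatched-tipc-not-loaded` still needs the kernel update; the verdict only says TIPC is not currently loaded.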

Yue Tao (wrytao)
Changed in starlingx:
assignee: nobody → Joe Slater (jslater0wind)
Yue Tao (wrytao) wrote :

Change the fix version to Linux yocto kernel 5.10.102 to include another CVE CVE-2022-0847 fix.

description: updated
Yue Tao (wrytao)
Changed in starlingx:
assignee: Joe Slater (jslater0wind) → Jiping Ma (jma11)
Ghada Khalil (gkhalil) wrote :

Screening: Marking as medium priority as this CVE meets the StarlingX fix criteria. Should be fixed in stx master and considered for cherry-pick to stx.6.0 if a maintenance release is planned.

tags: added: stx.security
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.6.0 stx.7.0
Ghada Khalil (gkhalil)
information type: Public → Public Security
Changed in starlingx:
status: New → Triaged
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manifest (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/manifest/+/841835

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kernel (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/kernel/+/841891

OpenStack Infra (hudson-openstack) wrote : Fix merged to manifest (master)

Reviewed: https://review.opendev.org/c/starlingx/manifest/+/841835
Committed: https://opendev.org/starlingx/manifest/commit/88adf731725797ce905be1d07745968018849521
Submitter: "Zuul (22348)"
Branch: master

commit 88adf731725797ce905be1d07745968018849521
Author: Jiping Ma <email address hidden>
Date: Wed Apr 27 02:31:49 2022 -0400

    Update kernel to v5.10.112

    This stable update brings us up to date with the latest in linux-yocto
    which itself is mostly up-to-date with the latest mainline LTS stable
    update and preempt_rt patchset updates.

    Verification:
    - Install success onto a StarlingX system with two controller and two
      compute nodes.
    - The regression testing was run including kernel and applications by
      our test team.
    - The network performance test result is not much different from 5.10.99.
      Test is run on the starlingx lab.
    - The cyclictest benchmark was run by our test team, the result is
      little better than 5.10.99. Test result is "samples:259200000
      hrtimer_noload_min:3545 hrtimer_noload_avg:4636
      hrtimer_noload_max:8025 99.9999th perc.:6427".
    - The cyclictest benchmark was also run on the starlingx lab, the
      result is "samples:43199988 avg:1340 max:14633 99.9999th
      percentile:3030 overflows: 0". It is not much different from 5.10.99.

    Partial-Bug: 1969605

    Signed-off-by: Jiping Ma <email address hidden>
    Change-Id: I45b39d8400e7f627faa0403b75c47cb0bf24356d

Changed in starlingx:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to kernel (master)

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/841891
Committed: https://opendev.org/starlingx/kernel/commit/61723d0f65531601aedafbc7bf310c5838df2db9
Submitter: "Zuul (22348)"
Branch: master

commit 61723d0f65531601aedafbc7bf310c5838df2db9
Author: Jiping Ma <email address hidden>
Date: Wed Apr 27 03:52:57 2022 -0400

    CentOS: kernel: Update 5.10 Kernel to 5.10.112

    This commit updates kernel to 5.10.112 to fix many issues, including the
    following two CVE issues which were of special concern.
    - CVE-2022-0847: kernel: improper initialization of the "flags"
      member of the new pipe_buffer
    - CVE-2022-0435: kernel: remote stack overflow via kernel panic on
      systems using TIPC may lead to DoS
    Note we add one more commit
    https://git.yoctoproject.org/linux-yocto/commit/net/ipv4/inet_hashtables.c?h=v5.10/standard/preempt-rt/base&id=bd6e7290bc766ef13e42a1e37f75e6e708b4e317
    a minor fix-up on top of v5.10.112 for rt kernel.

    Verification:
    - Install success onto a StarlingX system with two controller and
      two compute nodes with std kernel.
    - Install success onto an All-in-One Duplex lab with rt kernel.
    - The network performance test is done with rt system. The result is
      almost the same as 5.10.99.
    - The regression testing was run including kernel and applications
      by our test team.
    - The cyclictest benchmark was run by our test team, the result is
      little better than 5.10.99. Test result is "samples:259200000
      hrtimer_noload_min:3545 hrtimer_noload_avg: 4636
      hrtimer_noload_max:8025 99.9999th perc.:6427".
    - The cyclictest benchmark was also run on the starlingx lab, the
      result is "samples:43199988 avg:1340 max:14633 99.9999th percentile:3030
      overflows: 0". It is not much different from 5.10.99.

    Closes-Bug: 1969605
    Depends-On: https://review.opendev.org/c/starlingx/manifest/+/841835

    Signed-off-by: Jiping Ma <email address hidden>
    Change-Id: I80d72c157e4db646e8ca85c8f954abcc7e5c9fec

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/842252
Committed: https://opendev.org/starlingx/kernel/commit/769b2011c09299ff751f891151d53a12000100b3
Submitter: "Zuul (22348)"
Branch: master

commit 769b2011c09299ff751f891151d53a12000100b3
Author: Jiping Ma <email address hidden>
Date: Sun May 15 23:39:47 2022 -0700

    Debian: Update kernel to v5.10.112

    This commit updates kernel to 5.10.112 to fix many issues, including the
    following two CVE issues which were of special concern.
    - CVE-2022-0847: kernel: improper initialization of the "flags"
      member of the new pipe_buffer
    - CVE-2022-0435: kernel: remote stack overflow via kernel panic on
      systems using TIPC may lead to DoS
    Note we add one more commit
    https://git.yoctoproject.org/linux-yocto/commit/net/ipv4/inet_hashtables.c?h=v5.10/standard/preempt-rt/base&id=bd6e7290bc766ef13e42a1e37f75e6e708b4e317
    a minor fix-up on top of v5.10.112 for rt kernel.

    Verification:
    - Build kernel and out of tree modules success for rt and std.
    - Build iso success for rt and std.
    - Install success onto an All-in-One lab with iso.
    - Boot up successfully with qemu and lab.

    Partial-Bug: 1969605

    Signed-off-by: Jiping Ma <email address hidden>
    Change-Id: I9b126d1870cc1d14cb2dde4035d3fc73d8bc923b

This report contains Public Security information  
Everyone can see this security related information.