CVE-2014-8160 Common Vulnerabilities and Exposures

Upstream information

CVE-2014-8160 at MITRE

Description

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

SUSE information

Overall state of this security issue: Does not affect SUSE products

Note from the SUSE Security Team on the kernel-default package

SUSE will no longer fix all CVEs in the Linux Kernel anymore, but declare some bug classes as won't fix. Please refer to TID 21496 for more details.

Note from the SUSE Security Team on the xen package

This issue likely only affects the XEN hypervisor itself, unless otherwise stated. The userland utilities in -tools and libraries in -libs are shipped together with the xen hypervisor as they are built from one source and do not contain hypervisor specific fixes.

SUSE Bugzilla entries: 857643 [RESOLVED / FIXED], 913059 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2015:0529-1, published Wed Mar 18 15:04:55 MDT 2015
SUSE-SU-2015:0581-1, published Tue Mar 24 00:04:46 MDT 2015
SUSE-SU-2015:0652-1, published Wed Apr 1 18:06:32 MDT 2015
SUSE-SU-2015:0736-1, published Mon Apr 20 13:04:58 MDT 2015
TID7016668, published Tue Aug 18 01:08:01 CEST 2015
openSUSE-SU-2015:0713-1, published Fri Dec 8 15:48:33 2023
openSUSE-SU-2015:0714-1, published Fri Dec 8 15:48:33 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Liberty Linux 7	`kernel >= 3.10.0-229.el7` `kernel-abi-whitelists >= 3.10.0-229.el7` `kernel-debug >= 3.10.0-229.el7` `kernel-debug-devel >= 3.10.0-229.el7` `kernel-devel >= 3.10.0-229.el7` `kernel-doc >= 3.10.0-229.el7` `kernel-headers >= 3.10.0-229.el7` `kernel-tools >= 3.10.0-229.el7` `kernel-tools-libs >= 3.10.0-229.el7` `kernel-tools-libs-devel >= 3.10.0-229.el7` `perf >= 3.10.0-229.el7` `python-perf >= 3.10.0-229.el7`	Patchnames: RHSA-2015:0290
SUSE Linux Enterprise Desktop 11 SP3	`kernel-bigsmp-devel >= 3.0.101-0.47.50.1` `kernel-default >= 3.0.101-0.47.50.1` `kernel-default-base >= 3.0.101-0.47.50.1` `kernel-default-devel >= 3.0.101-0.47.50.1` `kernel-default-extra >= 3.0.101-0.47.50.1` `kernel-pae >= 3.0.101-0.47.50.1` `kernel-pae-base >= 3.0.101-0.47.50.1` `kernel-pae-devel >= 3.0.101-0.47.50.1` `kernel-pae-extra >= 3.0.101-0.47.50.1` `kernel-source >= 3.0.101-0.47.50.1` `kernel-syms >= 3.0.101-0.47.50.1` `kernel-trace-devel >= 3.0.101-0.47.50.1` `kernel-xen >= 3.0.101-0.47.50.1` `kernel-xen-base >= 3.0.101-0.47.50.1` `kernel-xen-devel >= 3.0.101-0.47.50.1` `kernel-xen-extra >= 3.0.101-0.47.50.1` `xen-kmp-default >= 4.2.5_04_3.0.101_0.47.50-0.7.1` `xen-kmp-pae >= 4.2.5_04_3.0.101_0.47.50-0.7.1`	Patchnames: sledsp3-kernel
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4	`kernel-docs >= 3.0.101-63.1`	Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA kernel-docs-3.0.101-63.1
SUSE Linux Enterprise Desktop 12 SP1	`kernel-default >= 3.12.49-11.1` `kernel-default-devel >= 3.12.49-11.1` `kernel-default-extra >= 3.12.49-11.1` `kernel-devel >= 3.12.49-11.1` `kernel-docs >= 3.12.49-11.1` `kernel-macros >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2` `kernel-source >= 3.12.49-11.1` `kernel-syms >= 3.12.49-11.1` `kernel-xen >= 3.12.49-11.1` `kernel-xen-devel >= 3.12.49-11.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA kernel-default-3.12.49-11.1 SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Desktop 12	`kernel-default >= 3.12.38-44.1` `kernel-default-devel >= 3.12.38-44.1` `kernel-default-extra >= 3.12.38-44.1` `kernel-devel >= 3.12.38-44.1` `kernel-docs >= 3.12.38-44.5` `kernel-macros >= 3.12.38-44.1` `kernel-obs-build >= 3.12.38-44.1` `kernel-source >= 3.12.38-44.1` `kernel-syms >= 3.12.38-44.1` `kernel-xen >= 3.12.38-44.1` `kernel-xen-devel >= 3.12.38-44.1`	Patchnames: SUSE-SLE-DESKTOP-12-2015-130 SUSE-SLE-SDK-12-2015-130 SUSE-SLE-WE-12-2015-130
SUSE Linux Enterprise High Availability Extension 11 SP3	`cluster-network-kmp-bigsmp >= 1.4_3.0.101_0.47.50-2.28.1.7` `cluster-network-kmp-default >= 1.4_3.0.101_0.47.50-2.28.1.7` `cluster-network-kmp-pae >= 1.4_3.0.101_0.47.50-2.28.1.7` `cluster-network-kmp-ppc64 >= 1.4_3.0.101_0.47.50-2.28.1.7` `cluster-network-kmp-trace >= 1.4_3.0.101_0.47.50-2.28.1.7` `cluster-network-kmp-xen >= 1.4_3.0.101_0.47.50-2.28.1.7` `gfs2-kmp-bigsmp >= 2_3.0.101_0.47.50-0.17.1.7` `gfs2-kmp-default >= 2_3.0.101_0.47.50-0.17.1.7` `gfs2-kmp-pae >= 2_3.0.101_0.47.50-0.17.1.7` `gfs2-kmp-ppc64 >= 2_3.0.101_0.47.50-0.17.1.7` `gfs2-kmp-trace >= 2_3.0.101_0.47.50-0.17.1.7` `gfs2-kmp-xen >= 2_3.0.101_0.47.50-0.17.1.7` `ocfs2-kmp-bigsmp >= 1.6_3.0.101_0.47.50-0.21.1.7` `ocfs2-kmp-default >= 1.6_3.0.101_0.47.50-0.21.1.7` `ocfs2-kmp-pae >= 1.6_3.0.101_0.47.50-0.21.1.7` `ocfs2-kmp-ppc64 >= 1.6_3.0.101_0.47.50-0.21.1.7` `ocfs2-kmp-trace >= 1.6_3.0.101_0.47.50-0.21.1.7` `ocfs2-kmp-xen >= 1.6_3.0.101_0.47.50-0.21.1.7`	Patchnames: slehasp3-kernel
SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5	`kernel-ec2 >= 3.12.38-44.1` `kernel-ec2-devel >= 3.12.38-44.1` `kernel-ec2-extra >= 3.12.38-44.1`	Patchnames: SUSE-SLE-Module-Public-Cloud-12-2015-130
SUSE Linux Enterprise Live Patching 12		Patchnames: SUSE-SLE-Live-Patching-12-2015-130
SUSE Linux Enterprise Real Time 11 SP3	`cluster-network-kmp-rt >= 1.4_3.0.101_rt130_0.33.36-2.28.1.14` `cluster-network-kmp-rt_trace >= 1.4_3.0.101_rt130_0.33.36-2.28.1.14` `drbd-kmp-rt >= 8.4.4_3.0.101_rt130_0.33.36-0.23.1.14` `drbd-kmp-rt_trace >= 8.4.4_3.0.101_rt130_0.33.36-0.23.1.14` `iscsitarget-kmp-rt >= 1.4.20_3.0.101_rt130_0.33.36-0.39.1.14` `iscsitarget-kmp-rt_trace >= 1.4.20_3.0.101_rt130_0.33.36-0.39.1.14` `kernel-rt >= 3.0.101.rt130-0.33.36.1` `kernel-rt-base >= 3.0.101.rt130-0.33.36.1` `kernel-rt-devel >= 3.0.101.rt130-0.33.36.1` `kernel-rt_trace >= 3.0.101.rt130-0.33.36.1` `kernel-rt_trace-base >= 3.0.101.rt130-0.33.36.1` `kernel-rt_trace-devel >= 3.0.101.rt130-0.33.36.1` `kernel-source-rt >= 3.0.101.rt130-0.33.36.1` `kernel-syms-rt >= 3.0.101.rt130-0.33.36.1` `lttng-modules-kmp-rt >= 2.1.1_3.0.101_rt130_0.33.36-0.12.1.13` `lttng-modules-kmp-rt_trace >= 2.1.1_3.0.101_rt130_0.33.36-0.12.1.13` `ocfs2-kmp-rt >= 1.6_3.0.101_rt130_0.33.36-0.21.1.14` `ocfs2-kmp-rt_trace >= 1.6_3.0.101_rt130_0.33.36-0.21.1.14` `ofed-kmp-rt >= 1.5.4.1_3.0.101_rt130_0.33.36-0.14.1.14` `ofed-kmp-rt_trace >= 1.5.4.1_3.0.101_rt130_0.33.36-0.14.1.14`	Patchnames: slertesp3-kernel
SUSE Linux Enterprise Server 11 SP1-LTSS	`btrfs-kmp-default >= 0_2.6.32.59_0.13-0.3.163` `btrfs-kmp-pae >= 0_2.6.32.59_0.13-0.3.163` `btrfs-kmp-xen >= 0_2.6.32.59_0.13-0.3.163` `ext4dev-kmp-default >= 0_2.6.32.59_0.13-7.9.130` `ext4dev-kmp-pae >= 0_2.6.32.59_0.13-7.9.130` `ext4dev-kmp-trace >= 0_2.6.32.59_0.13-7.9.130` `ext4dev-kmp-xen >= 0_2.6.32.59_0.13-7.9.130` `hyper-v-kmp-default >= 0_2.6.32.59_0.13-0.18.39` `hyper-v-kmp-pae >= 0_2.6.32.59_0.13-0.18.39` `hyper-v-kmp-trace >= 0_2.6.32.59_0.13-0.18.39` `kernel-default >= 2.6.32.59-0.19.1` `kernel-default-base >= 2.6.32.59-0.19.1` `kernel-default-devel >= 2.6.32.59-0.19.1` `kernel-default-man >= 2.6.32.59-0.19.1` `kernel-ec2 >= 2.6.32.59-0.19.1` `kernel-ec2-base >= 2.6.32.59-0.19.1` `kernel-ec2-devel >= 2.6.32.59-0.19.1` `kernel-pae >= 2.6.32.59-0.19.1` `kernel-pae-base >= 2.6.32.59-0.19.1` `kernel-pae-devel >= 2.6.32.59-0.19.1` `kernel-source >= 2.6.32.59-0.19.1` `kernel-syms >= 2.6.32.59-0.19.1` `kernel-trace >= 2.6.32.59-0.19.1` `kernel-trace-base >= 2.6.32.59-0.19.1` `kernel-trace-devel >= 2.6.32.59-0.19.1` `kernel-xen >= 2.6.32.59-0.19.1` `kernel-xen-base >= 2.6.32.59-0.19.1` `kernel-xen-devel >= 2.6.32.59-0.19.1` `xen-kmp-default >= 4.0.3_21548_18_2.6.32.59_0.19-0.9.17` `xen-kmp-pae >= 4.0.3_21548_18_2.6.32.59_0.19-0.9.17` `xen-kmp-trace >= 4.0.3_21548_18_2.6.32.59_0.19-0.9.17`	Patchnames: slessp1-kernel
SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP3	`kernel-bigsmp >= 3.0.101-0.47.50.1` `kernel-bigsmp-base >= 3.0.101-0.47.50.1` `kernel-bigsmp-devel >= 3.0.101-0.47.50.1` `kernel-default >= 3.0.101-0.47.50.1` `kernel-default-base >= 3.0.101-0.47.50.1` `kernel-default-devel >= 3.0.101-0.47.50.1` `kernel-default-man >= 3.0.101-0.47.50.1` `kernel-ec2 >= 3.0.101-0.47.50.1` `kernel-ec2-base >= 3.0.101-0.47.50.1` `kernel-ec2-devel >= 3.0.101-0.47.50.1` `kernel-pae >= 3.0.101-0.47.50.1` `kernel-pae-base >= 3.0.101-0.47.50.1` `kernel-pae-devel >= 3.0.101-0.47.50.1` `kernel-ppc64 >= 3.0.101-0.47.50.1` `kernel-ppc64-base >= 3.0.101-0.47.50.1` `kernel-ppc64-devel >= 3.0.101-0.47.50.1` `kernel-source >= 3.0.101-0.47.50.1` `kernel-syms >= 3.0.101-0.47.50.1` `kernel-trace >= 3.0.101-0.47.50.1` `kernel-trace-base >= 3.0.101-0.47.50.1` `kernel-trace-devel >= 3.0.101-0.47.50.1` `kernel-xen >= 3.0.101-0.47.50.1` `kernel-xen-base >= 3.0.101-0.47.50.1` `kernel-xen-devel >= 3.0.101-0.47.50.1` `xen-kmp-default >= 4.2.5_04_3.0.101_0.47.50-0.7.1` `xen-kmp-pae >= 4.2.5_04_3.0.101_0.47.50-0.7.1`	Patchnames: slessp3-kernel
SUSE Linux Enterprise Server 11 SP4	`kernel-default >= 3.0.101-63.1` `kernel-default-base >= 3.0.101-63.1` `kernel-default-devel >= 3.0.101-63.1` `kernel-default-man >= 3.0.101-63.1` `kernel-docs >= 3.0.101-63.1` `kernel-pae >= 3.0.101-63.1` `kernel-pae-base >= 3.0.101-63.1` `kernel-pae-devel >= 3.0.101-63.1` `kernel-ppc64 >= 3.0.101-63.1` `kernel-ppc64-base >= 3.0.101-63.1` `kernel-ppc64-devel >= 3.0.101-63.1` `kernel-source >= 3.0.101-63.1` `kernel-syms >= 3.0.101-63.1` `kernel-trace >= 3.0.101-63.1` `kernel-trace-base >= 3.0.101-63.1` `kernel-trace-devel >= 3.0.101-63.1` `kernel-xen >= 3.0.101-63.1` `kernel-xen-base >= 3.0.101-63.1` `kernel-xen-devel >= 3.0.101-63.1`	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA kernel-default-3.0.101-63.1 SUSE Linux Enterprise Software Development Kit 11 SP4 GA kernel-docs-3.0.101-63.1
SUSE Linux Enterprise Server 12 SP1	`kernel-default >= 3.12.49-11.1` `kernel-default-base >= 3.12.49-11.1` `kernel-default-devel >= 3.12.49-11.1` `kernel-default-extra >= 3.12.49-11.1` `kernel-default-man >= 3.12.49-11.1` `kernel-devel >= 3.12.49-11.1` `kernel-docs >= 3.12.49-11.1` `kernel-macros >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2` `kernel-source >= 3.12.49-11.1` `kernel-syms >= 3.12.49-11.1` `kernel-xen >= 3.12.49-11.1` `kernel-xen-base >= 3.12.49-11.1` `kernel-xen-devel >= 3.12.49-11.1`	Patchnames: SUSE Linux Enterprise Server 12 SP1 GA kernel-default-3.12.49-11.1 SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12	`kernel-default >= 3.12.38-44.1` `kernel-default-base >= 3.12.38-44.1` `kernel-default-devel >= 3.12.38-44.1` `kernel-default-extra >= 3.12.38-44.1` `kernel-default-man >= 3.12.38-44.1` `kernel-devel >= 3.12.38-44.1` `kernel-docs >= 3.12.38-44.5` `kernel-ec2 >= 3.12.38-44.1` `kernel-ec2-devel >= 3.12.38-44.1` `kernel-ec2-extra >= 3.12.38-44.1` `kernel-macros >= 3.12.38-44.1` `kernel-obs-build >= 3.12.38-44.1` `kernel-source >= 3.12.38-44.1` `kernel-syms >= 3.12.38-44.1` `kernel-xen >= 3.12.38-44.1` `kernel-xen-base >= 3.12.38-44.1` `kernel-xen-devel >= 3.12.38-44.1`	Patchnames: SUSE-SLE-Module-Public-Cloud-12-2015-130 SUSE-SLE-SDK-12-2015-130 SUSE-SLE-SERVER-12-2015-130 SUSE-SLE-WE-12-2015-130
SUSE Linux Enterprise Server for SAP Applications 12 SP1	`kernel-default-extra >= 3.12.49-11.1` `kernel-docs >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1 SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Software Development Kit 12 SP1	`kernel-docs >= 3.12.49-11.1` `kernel-obs-build >= 3.12.49-11.2`	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA kernel-docs-3.12.49-11.1
SUSE Linux Enterprise Software Development Kit 12	`kernel-docs >= 3.12.38-44.5` `kernel-obs-build >= 3.12.38-44.1`	Patchnames: SUSE-SLE-SDK-12-2015-130
SUSE Linux Enterprise Workstation Extension 12 SP1	`kernel-default-extra >= 3.12.49-11.1`	Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP1 GA kernel-default-extra-3.12.49-11.1
SUSE Linux Enterprise Workstation Extension 12	`kernel-default-extra >= 3.12.38-44.1`	Patchnames: SUSE-SLE-WE-12-2015-130

SUSE Timeline for this CVE

CVE page created: Mon Jan 6 19:15:16 2014
CVE page last modified: Mon Feb 3 11:21:10 2025