Bug 1683372 (CVE-2018-12180)
Summary: | CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | berrange, bmcclain, crobinso, cshao, dblechte, dfediuck, dmoppert, eedri, kraxel, lersek, lsvaty, mgoldboi, michal.skrivanek, pbonzini, philmd, rdlugyhe, rschiron, sbonazzo, security-response-team, sherold, virt-maint, virt-maint, yozone, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
A flaw was found in edk2. When registering a RAM disk whose size is not a multiple of 512 bytes, the BlockIo protocol produced by the RamDiskDxe driver will incur memory read/write overrun. The memory overrun will happen when reading/writing the last block on the RAM disk. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:48:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1683374, 1683373, 1684005, 1684006, 1684007, 1684983, 1684984, 1690501 | ||
Bug Blocks: | 1683333 |
Description
Laura Pardo
2019-02-26 17:40:53 UTC
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1683374] Affects: fedora-all [bug 1683373] Functions RamDiskBlkIoWriteBlocks() and RamDiskBlkIoReadBlocks() in RamDiskDxe/RamDiskBlockIo.c do not correctly check the last block when writing/reading to/from a RamDisk that has a size not multiple of 512 bytes. An attacker may use this flaw by loading a maliciously crafted ramdisk and making the firmware overwrites area of memory beyond the intended buffer, causing system crashes or other unspecified effects. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0809 https://access.redhat.com/errata/RHSA-2019:0809 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:0968 https://access.redhat.com/errata/RHSA-2019:0968 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1116 https://access.redhat.com/errata/RHSA-2019:1116 |