Bug 1709180 (CVE-2019-11811)
Summary: | CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mkeir, mlangsdo, mmilgram, nmurray, plougher, rt-maint, rvrbovsk, steved, williams, wmealing, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Text: |
A flaw was found in the Linux kernel's implementation of IPMI (remote baseband access). An attacker, with local access to read /proc/ioports, may be able to create a use-after-free condition when the kernel module is unloaded which may result in privilege escalation.
Last Closed: | 2019-07-29 19:18:35 UTC | Type: | --- |
Bug Depends On: | 1709181, 1714407, 1714408, 1714409, 1714410, 1714411, 1714412, 1714413, 1714414, 1739307, 1739308, 1771019, 1832191 | ||
Bug Blocks: | 1709182 |
Description
Marian Rehak
2019-05-13 07:09:45 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1709181]

This was fixed for Fedora with the 5.0.4 stable kernel updates.

Statement:

This flaw has been rated as "Moderate" as the attacker needs to be able to abuse this flaw in a very narrow race condition of the kernel module being unloaded. This scoring system from this flaw differentiates from other sources as the attacker must have a local account to be able to read the file (/proc/ioports) while the module is unloaded. None of the above actions are 'network facing' attack vectors.

Mitigation:

A mitigation to this flaw would be to no longer use IPMI on affected hardware until the kernel has been updated. Existing systems that have IPMI kernel modules loaded will need to unload the "ipmi_si" kernel module and blacklist (See https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules). Take careful consideration that if unloading and blacklisting the module, this creates a one-time attack vector window for a local attacker.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1873 https://access.redhat.com/errata/RHSA-2019:1873

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1891 https://access.redhat.com/errata/RHSA-2019:1891

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-11811

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1959

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1971 https://access.redhat.com/errata/RHSA-2019:1971

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0036

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2854 https://access.redhat.com/errata/RHSA-2020:2854
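An added example, not part of the bug report or any Red Hat tooling: a shell check that reports whether "ipmi_si" is currently loaded and whether a modprobe configuration directory restricts loading it, as the mitigation above requires. The function names, the state labels, and the extra check for an `install ipmi_si /bin/false` override (which, unlike `blacklist`, also stops explicit loads) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the ipmi_si mitigation state on an unpatched host.
# Paths are parameters so the check can also run against saved copies.

# modprobe treats '-' and '_' in module names as the same character.
norm() { printf '%s' "$1" | tr '-' '_'; }

# Return 0 if module $1 is listed in the /proc/modules-format file $2.
# Matching the whole first field avoids hits on e.g. ipmi_msghandler.
module_loaded() {
    [ -r "$2" ] && awk -v m="$(norm "$1")" \
        '$1 == m { hit = 1 } END { exit !hit }' "$2"
}

# Print how the *.conf files in directory $2 restrict module $1:
#   blocked      "install <mod> /bin/false" (or /bin/true): load attempts fail
#   blacklisted  "blacklist <mod>": alias-based autoloading is suppressed
#   unrestricted no active directive (commented-out lines do not count)
conf_state() {
    m=$(norm "$1")
    for f in "$2"/*.conf; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | awk -v m="$m" '
        /^[ \t]*#/ { next }
        { name = $2; gsub(/-/, "_", name) }
        name != m { next }
        $1 == "install" && $3 ~ /^(\/usr)?\/bin\/(false|true)$/ { blocked = 1 }
        $1 == "blacklist" { listed = 1 }
        END { print (blocked ? "blocked" : (listed ? "blacklisted" : "unrestricted")) }'
}

# Print "<loaded|absent> <conf state>" for module $1,
# given a modules file $2 and a modprobe config directory $3.
mitigation_status() {
    if module_loaded "$1" "$2"; then s=loaded; else s=absent; fi
    echo "$s $(conf_state "$1" "$3")"
}

# Live check; only /etc/modprobe.d is inspected here, not the other
# directories modprobe also reads.
mitigation_status ipmi_si /proc/modules /etc/modprobe.d
```

A result of "loaded blacklisted" means the configuration is in place but the module has not yet been unloaded; per the mitigation note above, the unload itself is the step to schedule carefully.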