Bug 1715494 (CVE-2019-12380)

Summary: CVE-2019-12380 kernel: memory allocation failure in the efi subsystem leads to denial of service
Product: [Other] Security Response Reporter: msiddiqu
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, airlied, apmukher, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, rt-maint, rvrbovsk, steved, williams, wmealing
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's implementation of UEFI. An attacker who can influence early-boot memory initialization could possibly influence firmware initialization and memory allocations, resulting in a panic of a guest or target system during early boot of that same system.
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-06 10:31:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1715495    
Bug Blocks: 1715561    

Description msiddiqu 2019-05-30 13:47:13 UTC
An issue was discovered in the efi subsystem in the Linux kernel in the function phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.

This particular attack is somewhat contrived and difficult to execute.  It would require an attacker to be able to create memory failures during early boot phase on platforms such as a virtual machine host. This may allow for the kernel in the guest to incorrectly map memory and possibly allow an local (in guest)  attacker to then further escalate privileges on the affected guest.  Red Hat product security finds this situation very unlikely.

Upstream patch: 

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e

Discussion:
https://lkml.org/lkml/2019/5/22/1378

Comment 1 msiddiqu 2019-05-30 13:47:34 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1715495]

Comment 5 Product Security DevOps Team 2020-05-06 10:31:47 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-12380