Bug 1718176 (CVE-2019-12614)
| Field | Value |
|---|---|
| Summary | CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c causing denial of service |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Reporter | Dhananjay Arunesh <darunesh> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, pmatouse, rt-maint, rvrbovsk, steved, williams, yozone |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Text | A flaw was found in the way the Linux kernel's Dynamic Logical Partitioning (DLPAR) functionality on PowerPC systems handled low memory conditions on device discovery. An attacker who can change the LPAR configuration and incur low memory conditions at the same time could use this flaw to crash the system. |
| Last Closed | 2020-05-12 16:31:46 UTC |
| Bug Depends On | 1718185, 1806629, 1806630, 1806631 |
| Bug Blocks | 1718183 |

Description
Dhananjay Arunesh
2019-06-07 08:07:17 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1718185]

Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Statement:

An attacker needs to be highly privileged to exploit this issue. He either needs to trigger an LPAR configuration change (or wait for such an event to happen) and incur low memory conditions at the same time. It could be argued that possessing the privileges required to exploit this issue could have the same impact as the issue itself. The indications say that this issue was found by a static code analysing tool which looks for memory allocations without failure checks and not actually reproduced on a running system. The CVE assignment also looks automated and following the "better be safe than sorry" approach. As such, this issue is theoretical in nature and Low impact at best.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:2104 https://access.redhat.com/errata/RHSA-2020:2104

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-12614

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
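
The bug class the statement describes (a memory allocation whose failure is not checked) can be modelled in userspace with a fault-injecting allocator. This is an added example, not the kernel's code and not part of the original report; `parse_prop`, `model_alloc`, `inject_failure` and the sample property are hypothetical names chosen for illustration.

```c
/* Userspace model of an unchecked allocation; not kernel code, names hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct prop { char *name; int length; void *value; };

static int alloc_count, fail_on;            /* fault injection state */
static void inject_failure(int nth) { alloc_count = 0; fail_on = nth; }

/* Zeroing allocator that fails on the nth call, simulating low memory. */
static void *model_alloc(size_t n)
{
    return (++alloc_count == fail_on) ? NULL : calloc(1, n);
}

static void free_prop(struct prop *p)
{
    if (!p) return;
    free(p->name);
    free(p->value);
    free(p);
}

/* check_name == 0 models the flaw: the name copy is never tested for NULL. */
static struct prop *parse_prop(const char *name, const void *val, int len, int check_name)
{
    struct prop *p = model_alloc(sizeof(*p));
    if (!p) return NULL;
    p->name = model_alloc(strlen(name) + 1);
    if (p->name) strcpy(p->name, name);
    else if (check_name) { free_prop(p); return NULL; }   /* hardened path */
    p->length = len;
    p->value = model_alloc((size_t)len);
    if (!p->value) { free_prop(p); return NULL; }
    memcpy(p->value, val, (size_t)len);
    return p;               /* unchecked path can return name == NULL */
}

int main(void)
{
    const unsigned char val[4] = {1, 2, 3, 4};   /* constructed sample value */
    inject_failure(2);                            /* second allocation fails */
    struct prop *u = parse_prop("sample-prop", val, 4, 0);
    printf("unchecked: prop=%p name=%p\n", (void *)u, u ? (void *)u->name : NULL);
    free_prop(u);
    inject_failure(2);
    struct prop *c = parse_prop("sample-prop", val, 4, 1);
    printf("checked:   prop=%p\n", (void *)c);
    free_prop(c);
    return 0;
}
```

With the check disabled the caller receives an apparently valid structure whose `name` is NULL, which any later consumer that reads the name would dereference; with the check enabled the partial structure is freed and the failure is reported to the caller.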