Bug 1724393 (CVE-2019-0154)
| Summary: | CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMIO in lower power state | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, airlied, asavkov, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jthierry, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, lilu, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, pmatouse, qzhao, rhandlin, rt-maint, rvrbovsk, security-response-team, sparks, steved, williams, ycote, ykopkova, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in Intel graphics hardware (GPU) where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected displays will remain unusable until a reboot occurs.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-11-13 00:51:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1766059, 1756803, 1756805, 1756808, 1756810, 1756811, 1756812, 1756813, 1756814, 1756815, 1756816, 1756819, 1756821, 1756822, 1756823, 1756824, 1756825, 1756826, 1756827, 1756828, 1759410, 1759411, 1759412, 1766056, 1766058, 1768925, 1771642 | ||
| Bug Blocks: | 1724392 | ||
|
Description
Wade Mealing
2019-06-27 01:17:22 UTC
Mitigation: Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system however the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required. Acknowledgments: Name: Intel Statement: Intel plans to release BIOS firmware to correct this issue. Red Hat's kernel update should mitigate this vulnerability. Some older hardware will not have BIOS firmware update and will rely on operating system level protection to prevent access while the device is in low-power states. For more information see https://access.redhat.com/solutions/i915-graphics Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1771642] External References: https://access.redhat.com/solutions/i915-graphics https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3833 https://access.redhat.com/errata/RHSA-2019:3833 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3835 https://access.redhat.com/errata/RHSA-2019:3835 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3832 https://access.redhat.com/errata/RHSA-2019:3832 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:3837 https://access.redhat.com/errata/RHSA-2019:3837 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:3838 https://access.redhat.com/errata/RHSA-2019:3838 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3834 https://access.redhat.com/errata/RHSA-2019:3834 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3836 https://access.redhat.com/errata/RHSA-2019:3836 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Telco Extended Update Support Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Via RHSA-2019:3841 https://access.redhat.com/errata/RHSA-2019:3841 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:3844 https://access.redhat.com/errata/RHSA-2019:3844 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Via RHSA-2019:3840 https://access.redhat.com/errata/RHSA-2019:3840 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2019:3839 https://access.redhat.com/errata/RHSA-2019:3839 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0154 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204 |