Bug 1724398 (CVE-2019-0155)
Summary: | CVE-2019-0155 hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, airlied, apmukher, asavkov, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, eshatokhin, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshepherd, jshortt, jstancek, jthierry, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, lilu, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, pmatouse, qzhao, rhandlin, rt-maint, rvrbovsk, security-response-team, steved, williams, ycote, ykopkova |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Intel graphics hardware (GPU), where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to the address space required to function correctly.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-13 18:51:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1756866, 1756871, 1756872, 1756873, 1756874, 1756875, 1756876, 1756877, 1756878, 1756879, 1756880, 1756881, 1756882, 1756883, 1756884, 1756885, 1756886, 1756887, 1756888, 1756889, 1756890, 1756891, 1756892, 1756893, 1756894, 1756895, 1757647, 1760666, 1760667, 1760672, 1767737, 1771644 | ||
Bug Blocks: | 1724392 |
Description
Wade Mealing
2019-06-27 01:33:13 UTC
Mitigation: Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system however the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article( https://access.redhat.com/solutions/41278 ) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required. Statement: Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/i915-graphics Acknowledgments: Name: Intel Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1771644] External References: https://access.redhat.com/solutions/i915-graphics https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3870 https://access.redhat.com/errata/RHSA-2019:3870 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3871 https://access.redhat.com/errata/RHSA-2019:3871 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:3873 https://access.redhat.com/errata/RHSA-2019:3873 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0155 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3872 https://access.redhat.com/errata/RHSA-2019:3872 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2019:3877 https://access.redhat.com/errata/RHSA-2019:3877 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3878 https://access.redhat.com/errata/RHSA-2019:3878 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Via RHSA-2019:3883 https://access.redhat.com/errata/RHSA-2019:3883 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3887 https://access.redhat.com/errata/RHSA-2019:3887 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:3889 https://access.redhat.com/errata/RHSA-2019:3889 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:3908 https://access.redhat.com/errata/RHSA-2019:3908 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204 |