Bug 1743547 (CVE-2018-20976)
Summary: | CVE-2018-20976 kernel: use-after-free in fs/xfs/xfs_super.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | msiddiqu |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, airlied, aolandt, bdettelb, bfoster, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, esandeen, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jschorr, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, pmatouse, rt-maint, rvrbovsk, security-response-team, steved, williams, wmealing |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernel's implementation of the XFS filesystem. A key data structure (sb->s_fs_info) may not be de-allocated when the system is under memory pressure. This same data structure is then used at a later time during filesystem operations. This could allow a local attacker who is able to groom memory to place an attacker-controlled data structure in this location and create a use-after-free situation which can result in memory corruption or privilege escalation.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-01-21 20:09:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1782047, 1782048, 1782049, 1782050, 1782051, 1783127, 1783128, 1783129, 1783130, 1783131, 1783132, 1783133, 1783134, 1783135, 1804344 | ||
Bug Blocks: | 1743613 |
Description
msiddiqu
2019-08-20 08:19:01 UTC
Statement: Red Hat Enterprise Linux 7.6.z had fixed this flaw mid release without it being recognised as a CVE. Prior releases of Red Hat Enterprise Linux EUS/AUS will still require the fix to be secure. Trackers have been made and fixes will be available as part of the standard release cycle. This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:0178 https://access.redhat.com/errata/RHSA-2020:0178 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-20976 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2020:0543 https://access.redhat.com/errata/RHSA-2020:0543 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:0592 https://access.redhat.com/errata/RHSA-2020:0592 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2020:0609 https://access.redhat.com/errata/RHSA-2020:0609 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:0661 https://access.redhat.com/errata/RHSA-2020:0661 |