Bug 1743556 (CVE-2019-15212)
Summary: | CVE-2019-15212 kernel: double-free caused by malicious USB device in drivers/usb/misc/rio500.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, rt-maint, rvrbovsk, steved, williams, wmealing |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A use-after-free flaw was found in the RIO500 driver in the Linux kernel. The implementation of the driver did not consider that multiple RIO500 devices could be attached to the same system, simultaneously. When a second device connects, the system overwrites the data structures in use by the first allowing a local attacker to possibly create a use-after-free situation which can lead to memory corruption, system panic, or privilege escalation. The highest threat from this vulnerability is to system availability, although data integrity is also at risk as well.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-03-13 10:31:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1743557 | ||
Bug Blocks: | 1743559 |
Description
Dhananjay Arunesh
2019-08-20 08:27:02 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1743557] This was fixed for Fedora with the 5.1.18 stable kernel updates. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15212 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15212 Mitigation: As the rio500 module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "blacklist rio500" >> /etc/modprobe.d/rio-500.conf # echo "install rio500 /bin/false" >> /etc/modprobe.d/rio-500.conf The system will need to be restarted if the RIO500 modules are loaded. In most circumstances, the kernel modules will be unable to be unloaded while any devices or programs are using the USB device. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services. |