Bug 1778860 (CVE-2019-19252)
Summary: | CVE-2019-19252 kernel: vcs_write in drivers/tty/vt/vc_screen.c does not prevent write access to vcsu devices |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Status: | CLOSED NOTABUG |
Severity: | low |
Priority: | low |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Assignee: | Red Hat Product Security <security-response-team> |
CC: | acaringi, airlied, bdettelb, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jschorr, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, qzhao, rt-maint, rvrbovsk, steved, williams, wmealing |
Keywords: | Security |
Last Closed: | 2020-03-23 04:31:50 UTC |
Bug Depends On: | 1778861 |
Bug Blocks: | 1778862 |
Doc Text: | A flaw was found in the Linux kernel’s virtual console implementation of Unicode usage. This flaw allows a local attacker with permissions on the /dev/vcsu* devices to crash the system or corrupt memory. |

Description
Guilherme de Almeida Suckevicz
2019-12-02 16:49:21 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1778861]

This flaw is rated as moderate; the attacker requires a local account with permissions to write to the correct device and this could possibly be used to trick the user into doing an action...

This issue was fixed with the 5.3.16 stable kernel updates.

Mitigation: At this time there is no workaround that is suitable for a production system that would completely mitigate this flaw.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19252