Bug 1778860 (CVE-2019-19252)

Summary: CVE-2019-19252 kernel: vcs_write in drivers/tty/vt/vc_screen.c does not prevent write access to vcsu devices
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, airlied, bdettelb, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jschorr, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, qzhao, rt-maint, rvrbovsk, steved, williams, wmealing
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s virtual console implementation of Unicode usage. This flaw allows a local attacker with permissions on the /dev/vcsu* devices to crash the system or corrupt memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-23 04:31:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1778861    
Bug Blocks: 1778862    

Description Guilherme de Almeida Suckevicz 2019-12-02 16:49:21 UTC 
A flaw was found in the Linux kernels virtual console system which attempted to implement Unicode support.  The read and write support for Unicode on virtual consoles were implemented with different commits and attempting to write to a virtual console which did not implement Unicode characters could allow for memory corruption and possibly other issues.


Reference and upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=0c9acb1af77a3cb8707e43f45b72c95266903cee
Comment 1 Guilherme de Almeida Suckevicz 2019-12-02 16:51:34 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1778861]
Comment 3 Wade Mealing 2020-03-19 05:42:25 UTC 
This flaw is rated as moderate, the attacker requires a local account with permissions to write to the correct device and this could possibly be used to trick the user into doing an action...
Comment 5 Justin M. Forbes 2020-03-19 22:05:21 UTC 
This issue was fixed with the 5.3.16 stable kernel updates.
Comment 6 Wade Mealing 2020-03-23 01:50:29 UTC 
Mitigation:

At this time there is no workaround that is suitable for a production system that would completely mitigate this flaw.
Comment 9 Product Security DevOps Team 2020-03-23 04:31:50 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-19252