Bug 1781204 (CVE-2020-10720)
Summary: | CVE-2020-10720 kernel: use-after-free read in napi_gro_frags() in the Linux kernel | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, bdettelb, bhu, blc, brdeoliv, bskeggs, carnil, dhoward, dvlasenk, esammons, eshatokhin, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jaeshin, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jschorr, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, pmatouse, qzhao, rt-maint, rvrbovsk, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Linux kernel’s implementation of GRO. This flaw allows an attacker with local access to crash the system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-07 19:27:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1718393, 1781207, 1832736, 1832737, 1832738 | ||
Bug Blocks: | 1781208 |
Description
Marian Rehak
2019-12-09 14:24:34 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1781207] This was fixed for Fedora with the 5.0.21 stable kernel updates. Looks like http://patchwork.lab.bos.redhat.com/patch/271215/ is internal to RedHat. Are there any external references (e.g. the fix in the mainline or stable kernels)? Unfortunately, no external references yet. Hi Looking at the given description, this matches upstream commit https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef in v5.2-rx3 which was backported as well to various stable series 3.16.75, 4.4.181, 4.9.181, 4.14.124, 4.19.48, 5.0.21, 5.1.7. Regards, Salvatore Thank you, Salvatore! Looks like this is it indeed. And here is, perhaps, the syzbot's report mentioned in the commit message: https://syzkaller.appspot.com/bug?id=7b571739e71a77303e665c793d1f773ce3823226 Mitigation: Disabling GSO on the cards using ethtool will prevent this codepath from being taken. Statement: This issue is rated as having Moderate impact because it appears to be limited to only to a crash. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2854 https://access.redhat.com/errata/RHSA-2020:2854 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10720 |