Bug 1802555 (CVE-2020-8649)
| Summary: | CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, pmatouse, qzhao, rt-maint, rvrbovsk, steved, williams, wmealing |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-09-29 21:59:48 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1802558, 1818730, 1818731, 1818732, 1818733, 1818735, 2050633, 2059164 | ||
| Bug Blocks: | 1802565 | ||
|
Description
Dhananjay Arunesh
2020-02-13 11:56:51 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1802558] This issues was fixed for Fedora with the 5.4.25 stable kernel updates. Statement: This flaw is rated as a having Moderate impact, it is an infoleak that is written to the screen. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8649 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1209 https://access.redhat.com/errata/RHSA-2022:1209 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1213 https://access.redhat.com/errata/RHSA-2022:1213 |