Bug 1817047 (CVE-2020-8832)

Summary: CVE-2020-8832 kernel: incomplete fix for CVE-2019-14615 allows for a local information exposure
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, nmurray, qzhao, rt-maint, rvrbovsk, steved, williams, wmealing
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An information disclosure flaw was found in the Linux kernel. The original fix for CVE-2019-14615 was deemed to be incomplete. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an attached i915 device. The highest threat from this vulnerability is to data confidentiality.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-22 04:15:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1817048, 1837161, 1837162, 1837163, 1837164, 1837165    
Bug Blocks: 1817052    

Description Marian Rehak 2020-03-25 13:39:06 UTC 
The fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information.

https://lists.ubuntu.com/archives/kernel-team/2020-February/107444.html
Comment 1 Marian Rehak 2020-03-25 13:39:50 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1817048]
Comment 2 Wade Mealing 2020-05-14 12:44:31 UTC 
Mitigation:

Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See the kcs “How do I blacklist a kernel module to prevent it from loading automatically?“  (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module from autoloading. Graphical displays may also be at low resolution or not work correctly.

This mitigation may not be suitable if the graphical login functionality is required.
Comment 3 Wade Mealing 2020-05-14 12:53:43 UTC 
This flaw is rated as moderate, it appears to only leak graphic shader context, not screen contents.

Unlike the previous CVE, this fix is not valid at this point in Red Hat Enterprise Linux 6's lifecycle.
Comment 9 Dave Airlie 2021-04-22 04:10:26 UTC 
This dosen't apply to us as we are not going to close the original bug for that hardware until 8.5 Y stream.
Comment 10 Wade Mealing 2021-04-22 04:15:34 UTC 
Ok closing up, since we're considering this fixed for the releases.  Older hardware fixes will filter in on 8.5