Bug 1819377 (CVE-2019-9458)
Summary: | CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | msiddiqu |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, allarkin, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, qzhao, rt-maint, rvrbovsk, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-07 19:27:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1819379, 1828802, 1828803, 1828804, 1828805, 1828806, 1888700 | ||
Bug Blocks: | 1750356, 1819378 |
Description
msiddiqu
2020-03-31 19:10:34 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1819379] This was fixed for Fedora in the 4.18.12 stable kernel update. Mitigation: To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not being used for primary display. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically. Statement: This issue is rated as having Moderate impact, because of the need of additional privileges (usually local console user) to access the video device driver. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2854 https://access.redhat.com/errata/RHSA-2020:2854 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9458 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609 |