Bug 1832866 (CVE-2020-12657)
Summary: | CVE-2020-12657 kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, airlied, asavkov, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, ptalbert, qzhao, rhandlin, rt-maint, rvrbovsk, steved, williams, wmealing, ycote |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.6.5 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. This flaw allows a local user able to groom system memory to cause kernel memory corruption and possible privilege escalation by abusing a race condition in the IO scheduler.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-06-09 23:20:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1832867, 1835529, 1835530, 1835531, 1835532, 1835533, 1835534, 1835535, 1835536, 1835537, 1835538 | ||
Bug Blocks: | 1833237 |
Description
Michael Kaplan
2020-05-07 12:23:56 UTC
Upstream Patch: https://patchwork.kernel.org/patch/11447049/ Upstream Commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1832867] This was fixed for Fedora with the 5.5.18 stable kernel update. Mitigation: The default io scheduler for Red Hat Enterprise Linux 8 is the mq-deadline scheduler, however it can be configured to any of the available schedulers available on the system on a per-device basis. The schedulers in use can be verified by the block devices entry in sysfs, for example for "sda": # cat /sys/block/sda/queue/scheduler [mq-deadline] kyber bfq none All block devices in the system will need to be changed to be mitigated. If the system workload requires bfq, this may not be an acceptable workaround however some systems may find changing io schedulers to be an acceptable workaround until system updates can be applied. See https://access.redhat.com/solutions/3756041 for how to configure the io scheduler persistently across system reboots or contact Red Hat Global Support Services. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2428 https://access.redhat.com/errata/RHSA-2020:2428 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2429 https://access.redhat.com/errata/RHSA-2020:2429 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2427 https://access.redhat.com/errata/RHSA-2020:2427 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12657 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2567 https://access.redhat.com/errata/RHSA-2020:2567 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2667 https://access.redhat.com/errata/RHSA-2020:2667 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2669 https://access.redhat.com/errata/RHSA-2020:2669 |