Bug 1846380 (CVE-2020-10773)
| Summary: | CVE-2020-10773 kernel: kernel stack information leak on s390/s390x | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Alex <allarkin> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | acaringi, airlied, aquini, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, ptalbert, qzhao, rrakesh2, rt-maint, rvrbovsk, steved, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel-5.4-rc6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-04 02:25:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1846531, 1846532, 1846533, 1846534, 1846535, 1846536 | ||
| Bug Blocks: | 1766285 | ||
|
Description
Alex
2020-06-11 13:17:50 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1846531] Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Statement: This issue is rated as having Low impact because of being limited to only s390 architecture and very limited kernel stack exposure. External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f This was fixed for Fedora with the 5.3.9 stable kernel updates. /arch/s390/mm/cmm.c and /proc/sys/vm/cmm_timeout does not exists is RHEL 6 , kernel-2.6.32-754.35.1.el6.x86_64 Is RHEL 6 unaffected by this flaw? Hello, In reply to comment #12: > /arch/s390/mm/cmm.c and /proc/sys/vm/cmm_timeout does not exists is RHEL 6 , > kernel-2.6.32-754.35.1.el6.x86_64 > Is RHEL 6 unaffected by this flaw? this issue is out of support scope for both Red Hat Enterprise Linux 5 and 6. As such, we haven't performed the investigation on these product versions. Our metadata were saying the contrary, I fixed that. Sorry for the confusion. Best regards, Petr Matousek / Red Hat Product Security This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10773 |