Bug 1848847 (CVE-2020-0067)

Summary: CVE-2020-0067 kernel: out of bounds read due to a missing bounds check in f2fs_xattr_generic_list of xattr.c leading to local information disclosure
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, airlied, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rt-maint, rvrbovsk, steved, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds (OOB) memory access flaw was found in the F2FS filesystem module in f2fs_listxattr in fs/f2fs/xattr.c. A missing bounds check before a memcpy can leak the kernel's internal information, and lead to a denial of service. The highest threat from this vulnerability is to confidentiality.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-19 17:20:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1848848    
Bug Blocks: 1848849    

Description Marian Rehak 2020-06-19 05:01:39 UTC 
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.

Upstream Reference:

https://android.googlesource.com/kernel/common/+/688078e7
Comment 1 Marian Rehak 2020-06-19 05:02:15 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1848848]
Comment 2 Rohit Keshri 2020-06-19 10:09:38 UTC 
Affected source fs/f2fs/xattr.c with configuration option CONFIG_F2FS_FS_XATTR is not built in any of RHEL kernel versions. Marking notaffected.
Comment 3 Rohit Keshri 2020-06-19 10:26:41 UTC 
Statement:

The affected code was not introduced into any kernel versions shipped with Red Hat Enterprise Linux making this vulnerable not applicable to these platforms.
Comment 4 Rohit Keshri 2020-06-19 10:26:51 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 7 Product Security DevOps Team 2020-06-19 17:20:28 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-0067