Bug 1849926 (CVE-2020-14416)
| Field | Value |
|---|---|
| Summary | CVE-2020-14416 kernel: slcan : race over tty->disc_data can lead use-after-free |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Marian Rehak <mrehak> |
| Assignee | Nobody <nobody> |
| Status | NEW |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| CC | acaringi, airlied, bhu, blc, bmasney, dvlasenk, hdegoede, hkrzesin, ichavero, itamar, jarodwilson, jeremy, jforbes, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mjg59, mlangsdo, nmurray, pmatouse, ptalbert, qzhao, rkeshri, rt-maint, rvrbovsk, steved, walters, williams |

Doc Text:
A use-after-free flaw was found in slcan_write_wakeup in drivers/net/can/slcan.c in the serial CAN module slcan. When communicating over CAN using slcan, a race condition occurs between the write (scheduling the transmit) and the close (flushing out any pending queues) of the SLCAN channel. This flaw allows a local attacker with special user or root privileges to cause a denial of service or a kernel information leak. The highest threat from this vulnerability is to system availability.

| Field | Value |
|---|---|
| Bug Depends On | 1850402, 1850403, 1850404, 1850405, 1850406 |
| Bug Blocks | 1849927 |

Description
Marian Rehak
2020-06-23 08:09:12 UTC
Mitigation:

Mitigation for this issue is to skip loading the affected module 'slcan' and 'slip' onto the system until a fix is available. Using a blacklist mechanism will ensure the driver is not loaded at boot time and requires specific hardware (CANbus hardware), which is not in use on the system.

How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278

The "slcan" module is shipped by Red Hat from RHEL 7.3 onwards.

The "slcan" module cannot be loaded on RHEL 7.2 and prior versions. "slcan" utilities are missing in versions lower than 7.3. Source for drivers/net/can/slcan.c or configuration CONFIG_CAN_SLCAN was not seen.

Can we say that RHEL 5 and 6 are unaffected by this flaw?
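
One way to audit the mitigation above on a host, as an added example that is not part of the bug report or of Red Hat's tooling. It assumes the rules live in `*.conf` files under a modprobe.d-style directory and that a copy of `/proc/modules` is available; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a modprobe.d-style directory for the slcan/slip mitigation.
# Assumption: rules use the standard "blacklist" and "install" directives.

# Report which directives cover a module: "blacklist", "install",
# "blacklist+install", or "unmitigated".
module_mitigation() {
    local dir="$1" mod="$2" state=""
    # "blacklist <mod>" only stops alias-based autoloading (e.g. at boot).
    if grep -Eqs "^[[:space:]]*blacklist[[:space:]]+${mod}[[:space:]]*$" "$dir"/*.conf; then
        state="blacklist"
    fi
    # "install <mod> /bin/false" (or /bin/true) also makes an explicit modprobe a no-op.
    if grep -Eqs "^[[:space:]]*install[[:space:]]+${mod}[[:space:]]+/(usr/)?bin/(false|true)[[:space:]]*$" "$dir"/*.conf; then
        state="${state:+$state+}install"
    fi
    echo "${state:-unmitigated}"
}

# Print one line per affected module: configuration state and whether the
# module is currently loaded according to a /proc/modules-format file.
audit() {
    local dir="$1" procmods="$2" mod loaded
    for mod in slcan slip; do
        loaded=no
        if grep -Eqs "^${mod} " "$procmods"; then
            loaded=yes
        fi
        echo "${mod}: config=$(module_mitigation "$dir" "$mod") loaded=${loaded}"
    done
}

# Constructed sample input: slcan fully blocked, slip only blacklisted and
# still loaded (a config change does not unload a module that is already in).
demo=$(mktemp -d)
printf 'blacklist slcan\ninstall slcan /bin/false\nblacklist slip\n' \
    > "$demo/can-mitigation.conf"
printf 'slip 20480 0 - Live 0x0000000000000000\nslhc 20480 1 slip, Live 0x0000000000000000\n' \
    > "$demo/modules"

audit "$demo" "$demo/modules"
# On a real host: audit /etc/modprobe.d /proc/modules
```

A module reported as `loaded=yes` stays in the kernel until it is removed or the host is rebooted, regardless of what the configuration says.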