Bug 1852942 (CVE-2019-20908)
Summary: | CVE-2019-20908 kernel: lockdown: bypass through ACPI write via efivar_ssdt | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, gsuckevi, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, ptalbert, qzhao, rt-maint, rvrbovsk, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in how the ACPI table loading through the EFI variable (and the related efivar_ssdt boot option) was handled when the Linux kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-29 19:27:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1852944, 1852946, 1852947, 1852948, 1852949, 1852950, 1852951, 1852952, 1852953 | ||
Bug Blocks: | 1848170 |
Description
Petr Matousek
2020-07-01 16:10:47 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Statement:

This issue is rated as having Moderate impact because of the privileges required for exploitation.

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1852944]

External References:

https://www.openwall.com/lists/oss-security/2020/06/14/1
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e
https://lore.kernel.org/linux-efi/20200615202408.2242614-1-pjones@redhat.com/

*** Bug 1857859 has been marked as a duplicate of this bug. ***

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:3218 https://access.redhat.com/errata/RHSA-2020:3218

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:3219 https://access.redhat.com/errata/RHSA-2020:3219

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-20908

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:3222 https://access.redhat.com/errata/RHSA-2020:3222

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:3228 https://access.redhat.com/errata/RHSA-2020:3228