Bug 1895961 (CVE-2020-25704)
| Summary: | CVE-2020-25704 kernel: perf_event_parse_addr_filter memory | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, adscvr, airlied, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dramseur, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, itamar, jarodwilson, jeremy, jforbes, jglisse, jhunter, jlelli, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, kmitts, lgoncalv, linville, masami256, mchehab, mcressma, mgala, mjg59, mjudeiki, mlangsdo, mmilgram, nmurray, ptalbert, qzhao, rt-maint, rvrbovsk, steved, walters, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 5.10-rc3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A memory leak flaw was found in the Linux kernel’s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 20:37:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1895963, 1901932, 1901933, 1901934, 1901935, 1901936, 1962330, 1962331 | ||
| Bug Blocks: | 1895965 | ||
|
Description
Dhananjay Arunesh
2020-11-09 14:50:59 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1895963] Upstream Patch: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00 External References: https://www.openwall.com/lists/oss-security/2020/11/09/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00 Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25704 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2719 https://access.redhat.com/errata/RHSA-2021:2719 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2718 https://access.redhat.com/errata/RHSA-2021:2718 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0063 https://access.redhat.com/errata/RHSA-2022:0063 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0065 https://access.redhat.com/errata/RHSA-2022:0065 |