Bug 1930246 (CVE-2020-12362)
Summary: | CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | high | Docs Contact: | |||||||
Priority: | high | ||||||||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, dhoward, dvlasenk, dwmw2, fhrbata, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, laura, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, pbrobinson, pmatouse, ptalbert, qzhao, rvrbovsk, security-response-team, steved, walters, williams, yozone | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
Doc Text: |
A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- | ||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2021-05-18 20:38:32 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 1930247, 1934410, 1934417, 1934418, 1935271, 1935272, 1935273, 1935274, 1935275, 1935276, 1935277, 1935278, 1935279, 1935280, 1935281, 1935282, 1935283, 1935284, 1935285, 1935286, 1935287, 1935288, 1935289, 1935290, 1935291, 1935292, 1935293, 1935294, 1935295, 1935296, 1935298 | ||||||||
Bug Blocks: | 1930256 | ||||||||
Attachments: |
|
Description
Pedro Sampaio
2021-02-18 15:05:19 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1930247] This was fixed for Fedora with the 5.5 stable kernel updates. Upstream fixes are combination of firmware and kernel update: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c784e5249e773689e38d2bc1749f08b986621a26 Created linux-firmware tracking bugs for this issue: Affects: fedora-all [bug 1934418] Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Created attachment 1773173 [details]
disable the fw loading on i915 option.
By default out of the box we are not affected by this bug. We don't enable GUC fw loading/submission on any platforms by default yet AFAICS. The only way to enable GuC fw loading is to pass i915.enable_guc on the command line. So by default there is no need to mitigate this. Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this. I think we can fix this for the newer kernels fine, but I'm not sure it's worth fixing it for too many of the older ones. The patch I've attached just completely blocks passing the enable_guc command line parameter and prints a warning if it is. Statement: Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this issue. To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system. Created attachment 1774212 [details]
alternate patch to just print a dmesg warning if enable_guc is used on older kernels.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1620 https://access.redhat.com/errata/RHSA-2021:1620 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12362 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2106 https://access.redhat.com/errata/RHSA-2021:2106 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:2164 https://access.redhat.com/errata/RHSA-2021:2164 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2190 https://access.redhat.com/errata/RHSA-2021:2190 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2185 https://access.redhat.com/errata/RHSA-2021:2185 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2021:2293 https://access.redhat.com/errata/RHSA-2021:2293 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2314 https://access.redhat.com/errata/RHSA-2021:2314 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2316 https://access.redhat.com/errata/RHSA-2021:2316 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2021:2355 https://access.redhat.com/errata/RHSA-2021:2355 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:2523 https://access.redhat.com/errata/RHSA-2021:2523 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2021:2735 https://access.redhat.com/errata/RHSA-2021:2735 |