Bug 1947991 (CVE-2020-36312)

Summary: CVE-2020-36312 kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, bmasney, chwhite, crwood, dvlasenk, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rvrbovsk, steved, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 5.9 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the KVM hypervisor of the Linux kernel. A memory leak could occur in kvm_io_bus_unregister_dev() upon a kmalloc failure. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1966160, 1966161, 1966162, 1947992, 1956680, 1956681    
Bug Blocks: 1947993    

Description Guilherme de Almeida Suckevicz 2021-04-09 17:07:32 UTC 
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure.

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e
Comment 1 Guilherme de Almeida Suckevicz 2021-04-09 17:08:00 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1947992]
Comment 2 Justin M. Forbes 2021-04-12 21:23:04 UTC 
This was fixed for Fedora with the 5.8.10 stable kernel updates.
Comment 4 Mauro Matteo Cascella 2021-05-04 08:35:40 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.