Bug 1995236 (CVE-2021-0084)

Summary: CVE-2021-0084 kernel: Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, asavkov, bhu, blc, brdeoliv, bskeggs, chwhite, crwood, ctoe, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarod, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rhandlin, rvrbovsk, steved, walters, williams, ycote
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. This flaw allows a local authenticated user to enable the escalation of privileges due to improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-08-26 00:59:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1995237    
Bug Blocks: 1995239    

Description Pedro Sampaio 2021-08-18 16:39:10 UTC 
Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access.

References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00515.html
Comment 1 Pedro Sampaio 2021-08-18 16:41:04 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1995237]
Comment 2 Justin M. Forbes 2021-08-18 19:43:08 UTC 
This is not in kernel code, but external drivers available from Intel.
Comment 3 Wade Mealing 2021-08-19 03:05:15 UTC 
@Jforbes, thats what i thought too.. however upstream intel shares quite a lot of structure with the 'ice' kernel module in the kernel.  Intel security team has been contacted awaiting their reply on more specific details as there is insufficient data to draw accurate conclusions at this time.

If you have evidence supporting otherwise, happy to hear it.
Comment 5 Wade Mealing 2021-08-26 00:59:54 UTC 
Its been 7 days and three emails with no data from intel regarding these flaws and if they affect the upstream release.  If they get back to me with data I'll re-open the flaws.  Till then I'll mark notaffected as I do not have sufficient information to state affectedness.