Bug 2019643 (CVE-2021-3923)

Summary: CVE-2021-3923 kernel: stack information leak in infiniband RDMA
Product: [Other] Security Response Reporter: Michael Kaplan <mkaplan>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, allarkin, bdettelb, bhu, carnil, chwhite, crwood, dbohanno, ddepaula, debarbos, dfreiber, dvlasenk, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, kernel-mgr, kheib, ldoskova, lgoncalv, lzampier, nmurray, ptalbert, qzhao, rkeshri, rogbas, rrobaina, rvrbovsk, rysulliv, scweaver, tyberry, vkumar, vsroka, walters, wcosta, williams, wmealing, ycote
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 5.16 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2006441, 2025832, 2025833, 2025834, 2025835, 2025836, 2036597, 2181601    
Bug Blocks: 2019635, 2019644    

Description Michael Kaplan 2021-11-03 02:20:15 UTC 
A flaw was found in the linux kernels implementation of RDMA over infiniband.  An attacker with a priviledged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node.

While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
Comment 13 Pedro Sampaio 2023-03-24 17:32:39 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2181601]
Comment 14 Justin M. Forbes 2023-03-24 20:49:12 UTC 
This was fixed for Fedora with the 5.15.14 stable kernel updates.
Comment 15 Salvatore Bonaccorso 2023-03-25 07:27:00 UTC 
Is this related to upstream commit https://git.kernel.org/linus/e1e354771812b12f0b4c433bbaf916f87cd0f6c7
Comment 16 Wade Mealing 2023-03-28 06:06:23 UTC 
Sorry Salvatore, i dont check needinfos so frequently in bugzilla these days.

From my notes it looks as though it was fixed here:

https://lore.kernel.org/all/20220204100036.GA12348@kili/
Comment 29 Mauro Matteo Cascella 2023-08-28 15:08:28 UTC 
This issue was fixed upstream in kernel version 5.16. The kernel packages as shipped in Red Hat Enterprise Linux 8 were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:1988

kernel-rt in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:1975