Bug 2027798 (CVE-2019-0136)

Summary: CVE-2019-0136 kernel: insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver may allow an unauthenticated user to potentially enable DoS via adjacent access
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, bdettelb, bhu, brdeoliv, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, nmurray, ptalbert, qzhao, rvrbovsk, steved, vkumar, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 5.2 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s implementation of wireless drivers for the Intel PROset wireless hardware. This flaw allows an unauthorized attacker within the wireless radio range to cause the driver and the system to disconnect from the wireless network, triggering the operating system to lose network connectivity while the system is not connected. The highest threat from this vulnerability is system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-02 04:38:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2027799    
Bug Blocks: 2027471    

Description Guilherme de Almeida Suckevicz 2021-11-30 17:12:56 UTC 
A flaw was found in the Linux kernels implementation of wireless drivers for intel PROset wireleless hardware. An unauthorized attacker within wireless radio range can attack the driver and cause the system to disconnect from the wireless network triggering the operating system to loose network connectivity while the system is not connected.

Reference:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html

Upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=79c92ca42b5a3e0ea172ea2ce8df8e125af237da
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=588f7d39b3592a36fb7702ae3b8bdd9be4621e2f
Comment 1 Guilherme de Almeida Suckevicz 2021-11-30 17:13:34 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2027799]
Comment 2 juneau 2021-11-30 19:59:43 UTC 
Hosted OSD, Other Services "notaffected" for unused wireless hardware driver.
Comment 4 Justin M. Forbes 2021-12-01 12:46:50 UTC 
This was fixed for Fedora with the 5.1.15 stable kernel updates.
Comment 8 Product Security DevOps Team 2021-12-02 04:38:43 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-0136