Bug 2084183 (CVE-2022-21499)

Summary: CVE-2022-21499 kernel: possible to use the debugger to write zero into a location of choice
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, bdettelb, bhu, bskeggs, chwhite, crwood, ddepaula, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jch, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lzampier, masami256, mchehab, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, scweaver, security-response-team, steved, vkumar, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 5.19 rc1 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the kernel/debug/debug_core.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-05 16:35:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2096817, 2104748, 2104749, 2104750, 2104751    
Bug Blocks: 2084172    

Description Marian Rehak 2022-05-11 15:30:58 UTC 
A flaw was found in kernel/debug/debug_core.c in the Linux kernel in the lockdown mode.  In this flaw, an attacker with local access could trigger the debugger, bypass lockdown and write anonymously.

In this flaw, KGDB and KDB allow read and write access to kernel memory, and thus should not be allowed during lockdown. An attacker with access to a serial port could trigger the debugger and use it to bypass lockdown.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eadb2f47a3ced5c64b23b90fd2a3463f63726066
Comment 2 Marian Rehak 2022-06-14 11:14:20 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2096817]
Comment 3 John Haxby 2022-06-14 15:16:53 UTC 
https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066
Comment 4 Justin M. Forbes 2022-06-16 14:12:40 UTC 
This was fixed for Fedora with the 5.17.10 stable kernel updates.
Comment 12 errata-xmlrpc 2022-11-08 09:10:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444
Comment 13 errata-xmlrpc 2022-11-08 10:09:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683
Comment 14 errata-xmlrpc 2022-11-15 09:45:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933
Comment 15 errata-xmlrpc 2022-11-15 10:47:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267
Comment 16 Product Security DevOps Team 2022-12-05 16:35:22 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-21499
Comment 20 errata-xmlrpc 2024-02-07 16:28:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724