Bug 1690716 (thunderclap) - kernel: DMA attack using peripheral devices (Thunderclap)
Summary: kernel: DMA attack using peripheral devices (Thunderclap)
Keywords:
Status: CLOSED ERRATA
Alias: thunderclap
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1692237 1692238 1692245 1692246 1692247 1692248 1692249 1692587 1700376 1700377
Blocks: 1684685
TreeView+ depends on / blocked
 
Reported: 2019-03-20 05:28 UTC by Wade Mealing
Modified: 2023-05-12 21:15 UTC (History)
43 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw that allowed an attacker to corrupt memory and escalate privileges was found in the Linux kernel's protection of memory access by attached devices.
Clone Of:
Environment:
Last Closed: 2019-07-30 13:18:26 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1977 0 None None None 2019-07-30 14:16:01 UTC
Red Hat Product Errata RHSA-2019:1959 0 None None None 2019-07-30 09:42:18 UTC
Red Hat Product Errata RHSA-2019:1971 0 None None None 2019-07-30 11:02:11 UTC

Description Wade Mealing 2019-03-20 05:28:27 UTC 
"Thunderclap vulnerabilities are security flaws that affect the way modern computers interact with peripheral devices such as network cards, storage, and graphics cards. These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target machine in a matter of seconds, running arbitrary code at the highest privilege level and potentially gaining access to passwords, banking logins, encryption keys, private files, browsing and other data. Attacks exploiting these vulnerabilities can also be carried out by seemingly innocuous peripherals like chargers and projectors that correctly charge or project video but simultaneously compromise the host machine".

- From https://thunderclap.io/

Recently, Intel have contributed patches to version 5.0 of the Linux kernel (shortly to be released) that enable the IOMMU for Thunderbolt and prevent the protection-bypass vulnerability that uses the ATS feature of PCI Express.

No CVE's have been assigned to this issue at this time.

Related links:

http://thunderclap.io/

https://github.com/torvalds/linux/commit/d8b8591054575f33237556c32762d54e30774d28
https://github.com/torvalds/linux/commit/fb58fdcd295b914ece1d829b24df00a17a9624bc
Comment 1 Wade Mealing 2019-03-20 07:32:37 UTC 
Mitigation:

Disabling hardware ports affected by this flaw in system BIOS or firmware will prevent access.  However this may be too strict in some cases.

Some level of mitigation can be achieved by configuring USB guard to block untrusted devices. USB guard is available for Red Hat Enterprise Linux 7.3 and later, see  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using-usbguard for details.
Comment 4 Wade Mealing 2019-03-25 06:59:54 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1692237]
Comment 11 Justin M. Forbes 2019-04-11 12:09:12 UTC 
These patches are included in the 5.0.7 stable updates for Fedora.
Comment 13 errata-xmlrpc 2019-07-30 09:42:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1959
Comment 14 errata-xmlrpc 2019-07-30 11:02:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1971 https://access.redhat.com/errata/RHSA-2019:1971
Note You need to log in before you can comment on or make changes to this bug.