An issue was discovered in the Linux kernels implementation of Extended Display Identification Data (EDID) technology. An attacker with local access could cause a system under severe memory pressure to create a null pointer dereference when plugging in a monitor. An firmware identifier string is duplicated with the kstrdup function, and the allocation may fail under very low memory conditions. This may allow an attacker to crash the system causing a denial of service (NULL pointer dereference) The conditions under which this flaw would take place are unlikely and it likely that the system OOMkiller would free available memory before the low memory condition to exploit this flaw is met. Upstream patch: https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f References: https://lkml.org/lkml/2019/5/24/843
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1715556]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1016 https://access.redhat.com/errata/RHSA-2020:1016
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1070 https://access.redhat.com/errata/RHSA-2020:1070
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12382
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:2522 https://access.redhat.com/errata/RHSA-2020:2522