Bug 1718176 (CVE-2019-12614) - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
Summary: CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-12614
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1718185 1806629 1806630 1806631
Blocks: 1718183
TreeView+ depends on / blocked
 
Reported: 2019-06-07 08:07 UTC by Dhananjay Arunesh
Modified: 2023-10-06 18:21 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way Linux kernel's Dynamic Logical Partitioning (DLPAR) functionality on PowerPC systems handled low memory conditions on device discovery. An attacker who can change the LPAR configuration and incur low memory conditions at the same time could use this flaw to crash the system.
Clone Of:
Environment:
Last Closed: 2020-05-12 16:31:46 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4416 0 None None None 2020-10-29 15:09:05 UTC
Red Hat Product Errata RHBA-2020:4417 0 None None None 2020-10-29 15:07:38 UTC
Red Hat Product Errata RHBA-2020:4418 0 None None None 2020-10-29 15:12:56 UTC
Red Hat Product Errata RHBA-2020:4419 0 None None None 2020-10-29 15:11:51 UTC
Red Hat Product Errata RHBA-2020:4420 0 None None None 2020-10-29 15:50:35 UTC
Red Hat Product Errata RHSA-2020:2104 0 None None None 2020-05-12 15:12:15 UTC
Red Hat Product Errata RHSA-2020:4060 0 None None None 2020-09-29 20:51:08 UTC
Red Hat Product Errata RHSA-2020:4431 0 None None None 2020-11-04 00:49:21 UTC

Description Dhananjay Arunesh 2019-06-07 08:07:17 UTC 
An issue was discovered in dlpar_parse_cc_property in
arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There
is an unchecked kstrdup of prop->name, which might allow an attacker to cause a
denial of service (NULL pointer dereference and system crash).

Reference:
https://lkml.org/lkml/2019/6/3/526

Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607
Comment 1 Dhananjay Arunesh 2019-06-07 08:18:31 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1718185]
Comment 2 Petr Matousek 2020-02-24 16:19:11 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 4 Petr Matousek 2020-02-24 16:26:23 UTC 
Statement:

An attacker needs to be highly privileged to exploit this issue. He either needs to trigger LPAR configuration change (or wait for such event to happen) and incur low memory conditions at the same time. It could be argued that possessing privileges required to exploit this issue could have the same impact as the issue itself.

The indications say that this issue was found by static code analysing tool which looks for memory allocations without failure checks and not actually reproduced on a running system. The CVE assignment also looks automated and following the "better be safe than sorry" approach.

As such, this issue is theoretical in nature and Low impact at best.
Comment 5 errata-xmlrpc 2020-05-12 15:12:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2104 https://access.redhat.com/errata/RHSA-2020:2104
Comment 6 Product Security DevOps Team 2020-05-12 16:31:46 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-12614
Comment 7 errata-xmlrpc 2020-09-29 20:51:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060
Comment 23 errata-xmlrpc 2020-11-04 00:49:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
Note You need to log in before you can comment on or make changes to this bug.