A vulnerability was found in the Linux kernel: hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory.

Reference:
https://github.com/openSUSE/kernel/commit/72be029e947510dd6cbbbaf51879622af26e4200
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df7e40425813c50cd252e6f5e348a81ef1acae56
https://github.com/torvalds/linux/commit/df7e40425813c50cd252e6f5e348a81ef1acae56
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1762322]
This was fixed upstream in the 4.17 kernel, and has not impacted any of the currently supported versions of Fedora.
Red Hat Enterprise Linux 8 and 9 ship support for arm64, which this specific bit of hardware requires.

$ git grep --heading -A 10 "static struct ib_ucontext \*$affected_function" -- '*.[ch]'
drivers/infiniband/hw/hns/hns_roce_main.c
static struct ib_ucontext *hns_roce_alloc_ucontext(struct ib_device *ib_dev,
                                                   struct ib_udata *udata)
{
        int ret = 0;
        struct hns_roce_ucontext *context;
        struct hns_roce_ib_alloc_ucontext_resp resp = {};
        struct hns_roce_dev *hr_dev = to_hr_dev(ib_dev);

        if (!hr_dev->active)
                return ERR_PTR(-EAGAIN);

kernel-alt for el7 arm64 has the same patch already applied and is not affected.
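
Added example, not part of the original bug report or the kernel source: a user-space C simulation of why a response structure that is only partly filled in must be zeroed before it is copied out. The struct layout, the 0xA5 marker, the value 256 and the function name leaked_bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker for leftover stack contents */

/* Hypothetical response layout for illustration, not the driver's struct. */
struct demo_resp {
    uint32_t qp_tab_size; /* the only field the handler fills in */
    uint32_t reserved;    /* never written by the handler */
};

/* A reused stack slot, viewable as the struct or as raw bytes. */
union slot {
    struct demo_resp resp;
    unsigned char bytes[sizeof(struct demo_resp)];
};

/* Build the response and copy it out; returns how many stale bytes escaped. */
size_t leaked_bytes(int zero_first)
{
    union slot s;
    unsigned char out[sizeof s.bytes];
    size_t i, leaked = 0;

    memset(s.bytes, STALE, sizeof s.bytes);  /* data left by an earlier call */
    if (zero_first)
        memset(&s.resp, 0, sizeof s.resp);   /* what `resp = {}` achieves */
    s.resp.qp_tab_size = 256;                /* handler sets one field only */

    memcpy(out, s.bytes, sizeof out);        /* stands in for the copy to user space */
    for (i = 0; i < sizeof out; i++)
        if (out[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("without initialization: %zu stale bytes copied out\n", leaked_bytes(0));
    printf("with zeroing first:     %zu stale bytes copied out\n", leaked_bytes(1));
    return 0;
}
```
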
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-16921