Bug 1762321 (CVE-2019-16921) - CVE-2019-16921 kernel: information disclosure in hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c
Summary: CVE-2019-16921 kernel: information disclosure in hns_roce_alloc_ucontext in d...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-16921
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1762322
Blocks: 1762323
TreeView+ depends on / blocked
 
Reported: 2019-10-16 14:18 UTC by Dhananjay Arunesh
Modified: 2020-05-05 13:02 UTC (History)
45 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An information disclosure flaw was found in the Linux kernel. The Infiniband driver does not initialize the resp data structure which allows an attacker to obtain sensitive information from kernel stack memory. The highest threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed: 2020-01-17 08:09:30 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-10-16 14:18:14 UTC
A vulnerability was found in the Linux kernel, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory.

Reference:
https://github.com/openSUSE/kernel/commit/72be029e947510dd6cbbbaf51879622af26e4200
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df7e40425813c50cd252e6f5e348a81ef1acae56
https://github.com/torvalds/linux/commit/df7e40425813c50cd252e6f5e348a81ef1acae56

Comment 1 Dhananjay Arunesh 2019-10-16 14:18:48 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1762322]

Comment 2 Justin M. Forbes 2019-10-16 16:15:25 UTC
This was fixed upstream in the 4.17 kernel, and has not impacted any of the currently supported versions of Fedora.

Comment 5 Wade Mealing 2020-01-17 05:27:04 UTC
Red Hat Enterprise Linux 8 and 9 ship support for aarm64, which this specific bit of hardware requires.

$ git grep --heading  -A 10 "static struct ib_ucontext \*$affected_function" -- '*.[ch]' 

      drivers/infiniband/hw/hns/hns_roce_main.c
      static struct ib_ucontext *hns_roce_alloc_ucontext(struct ib_device *ib_dev,
							 struct ib_udata *udata)
      {
	      int ret = 0;
	      struct hns_roce_ucontext *context;
	      struct hns_roce_ib_alloc_ucontext_resp resp = {};
	      struct hns_roce_dev *hr_dev = to_hr_dev(ib_dev);

	      if (!hr_dev->active)
		      return ERR_PTR(-EAGAIN);

kernel-alt for el7 arm64 has same patch already applied and not affected.

Comment 6 Product Security DevOps Team 2020-01-17 08:09:30 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-16921


Note You need to log in before you can comment on or make changes to this bug.