Hide Forgot
A flaw was found in the kernels implementation of the i915 graphics driver where lack of control flow for data structures may allow a local authenticated user to disclose information when issuing ioctl commands to an attached i915 devices. How it works: 1 - Userspace creates a batchbuffer 2 - Batchbuffer sent to kernel via ioctl 3 - ioctl (2) issues it as an "Execution Unit" for the hardware. 4 - The kernel schedules another process to run. 5- Another process (running as user) can access the previous Execution Unit results by re-using Execution Units results. Affected hardware: This flaw affects Gen7, 7.5 and Gen9 hardware only. See [1] The Intel graphics developer guides for information on how to identify your hardware to find if it is affected. Additional information: [1] https://software.intel.com/en-us/articles/intel-graphics-developers-guides [2] https://bwidawsk.net/blog/index.php/2013/08/i915-command-submission-via-gem_exec_nop/
Mitigation: Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See the kcs “How do I blacklist a kernel module to prevent it from loading automatically?“ (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module from autoloading. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if the graphical login functionality is required.
Upstream Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc8a76a152c5f9ef3b48104154a65a68a8b76946 https://lists.freedesktop.org/archives/intel-gfx/2020-January/225945.html
The upstream patch mentioned only fixes Skylake and above. The problem is also there on Ivybridge and Haswell, and the proposed upstream solutions are currently killing performance on those devices.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1793118]
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7, and 8 may address this issue. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise MRG 2.