A vulnerability was found in __mptctl_ioctl in drivers/message/fusion/mptctl.c in the Fusion MPT base driver 'mptctl' in the SCSI device module. Holding an incorrect lock can lead to a race condition, where an attacker with local access and a special user (or root) privilege can cause a denial of service (DoS). The __mptctl_ioctl function allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability.

Reference and upstream commit:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b
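A simplified user-space model of the double fetch described above, added here as an illustration and not taken from the driver or the upstream commit. It assumes the twice-fetched value is the adapter number that selects whose lock is taken; all names (`fetch_ioc_num`, `do_command`, `run_model`, the two-adapter layout) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
/* Hypothetical user-space model, not driver code: two adapters, one lock each. */
struct adapter { bool locked; int unlocked_ops; };
static struct adapter adapters[2];
/* Constructed stand-in for ioctl argument memory that another thread rewrites. */
struct user_req { int ioc_num; };
static int fetch_count;
/* Models copy_from_user(); the concurrent writer flips ioc_num after fetch 1. */
static int fetch_ioc_num(struct user_req *ureq) {
    int v = ureq->ioc_num;
    if (++fetch_count == 1) ureq->ioc_num ^= 1;
    return v;
}

/* Command handler: counts work done on an adapter whose lock is not held. */
static void do_command(struct adapter *a) {
    if (!a->locked) a->unlocked_ops++;
}

/* Double fetch: lock the adapter from fetch 1, operate on the one from fetch 2. */
static void ioctl_double_fetch(struct user_req *ureq) {
    struct adapter *held = &adapters[fetch_ioc_num(ureq)];
    held->locked = true;
    do_command(&adapters[fetch_ioc_num(ureq)]);
    held->locked = false;
}

/* Single fetch: resolve the adapter once and hand the same pointer down. */
static void ioctl_single_fetch(struct user_req *ureq) {
    struct adapter *held = &adapters[fetch_ioc_num(ureq)];
    held->locked = true;
    do_command(held);
    held->locked = false;
}

/* Runs one variant on a fresh model; returns operations done without the lock. */
static int run_model(void (*handler)(struct user_req *)) {
    struct user_req ureq = { 0 };
    fetch_count = 0;
    adapters[0] = adapters[1] = (struct adapter){ false, 0 };
    handler(&ureq);
    return adapters[0].unlocked_ops + adapters[1].unlocked_ops;
}

int main(void) {
    printf("ops outside the held lock: double fetch %d, single fetch %d\n",
           run_model(ioctl_double_fetch), run_model(ioctl_single_fetch));
    return 0;
}
```

In the single-fetch variant the user memory still changes after the first read, but the change has no effect because the resolved adapter pointer is reused.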
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1831853]
This was fixed for Fedora with the 5.4.14 stable kernel update.
Mitigation:

Mitigation for this issue is to skip loading the affected module, the Fusion MPT base driver 'mptctl', onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at boot time.

~~~
How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278
~~~