1831849 – (CVE-2020-12652) CVE-2020-12652 kernel: race condition in __mptctl_ioctl function in drivers/message/fusion/mptctl.c allows local users to hold an incorrect lock during the ioctl operation

Bug 1831849 (CVE-2020-12652) - CVE-2020-12652 kernel: race condition in __mptctl_ioctl function in drivers/message/fusion/mptctl.c allows local users to hold an incorrect lock during the ioctl operation

Summary: CVE-2020-12652 kernel: race condition in __mptctl_ioctl function in drivers/m...

Keywords:
Status:	NEW
Alias:	CVE-2020-12652
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1831853 1838204 1838205
Blocks:	1831851
TreeView+	depends on / blocked

Reported:	2020-05-05 18:41 UTC by Guilherme de Almeida Suckevicz
Modified:	2024-01-19 19:11 UTC (History)
CC List:	39 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in __mptctl_ioctl in drivers/message/fusion/mptctl.c in Fusion MPT base driver 'mptctl' in the SCSI device module, where an incorrect lock leads to a race problem. This flaw allows an attacker with local access and special user (or root) privileges to cause a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-05-05 18:41:11 UTC

A vulnerability was found in __mptctl_ioctl in drivers/message/fusion/mptctl.c in Fusion MPT base driver 'mptctl'  in SCSI device module. In this problem holding an incorrect lock can lead to a race problem, where an attacker with a local access and a special user (or root) privilege can cause denial of service (DoS) problem.

The __mptctl_ioctl function allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability. 

Reference and upstream commit:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b

Comment 1 Guilherme de Almeida Suckevicz 2020-05-05 18:44:28 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1831853]

Comment 2 Justin M. Forbes 2020-05-05 19:25:43 UTC

This was fixed for Fedora with the 5.4.14 stable kernel update.

Comment 8 RaTasha Tillery-Smith 2020-05-28 17:31:28 UTC

Mitigation:

Mitigation for this issue is to skip loading the affected module Fusion MPT base driver 'mptctl' onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.
~~~
How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278 
~~~

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bhu
blc
bmasney
dvlasenk
hdegoede
hkrzesin
ichavero
itamar
jarodwilson
jeremy
jforbes
jlelli
john.j5live
jonathan
josef
jross
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
kyoshida
lgoncalv
linville
masami256
mchehab
mjg59
mlangsdo
nmurray
ptalbert
qzhao
rkeshri
rt-maint
rvrbovsk
steved
williams