Bug 1836244 (CVE-2020-12888) - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
Summary: CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices ma...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-12888
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1820632 1837291 1837292 1837293 1837294 1837295 1837302 1837303 1837305 1837306 1837307 1837308 1837309 1837310 1837312 1837313 1837314 1836245 1837297 1837298 1837299 1837300 1837301 1837304 1837311
Blocks: 1827369
TreeView+ depends on / blocked
 
Reported: 2020-05-15 13:13 UTC by Prasad J Pandit
Modified: 2020-06-23 20:18 UTC (History)
50 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. This flaw allows a guest user or process to crash the host system resulting in a denial of service.
Clone Of:
Environment:
Last Closed: 2020-06-23 17:20:29 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2712 None None None 2020-06-23 20:18:39 UTC
Red Hat Product Errata RHSA-2020:2664 None None None 2020-06-23 12:25:49 UTC
Red Hat Product Errata RHSA-2020:2665 None None None 2020-06-23 12:26:14 UTC

Description Prasad J Pandit 2020-05-15 13:13:38 UTC
Linux kernel allows user space processes (like guest VM) to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access(r/w) devices' MMIO address space, when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, essentially crashing down the system. A guest user/process may use this flaw to crash the host system resulting in DoS scenario.

Upstream patches:
-----------------
  -> https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/
  -> https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/05/19/6

Comment 1 Prasad J Pandit 2020-05-15 13:14:11 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1836245]

Comment 3 RaTasha Tillery-Smith 2020-05-18 15:27:06 UTC
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
This issue affects the versions of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.

Comment 9 errata-xmlrpc 2020-06-23 12:25:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2664 https://access.redhat.com/errata/RHSA-2020:2664

Comment 10 errata-xmlrpc 2020-06-23 12:26:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2665 https://access.redhat.com/errata/RHSA-2020:2665

Comment 11 Product Security DevOps Team 2020-06-23 17:20:29 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12888


Note You need to log in before you can comment on or make changes to this bug.