Bug 1847539 (CVE-2020-14304) - CVE-2020-14304 kernel: ethtool when reading eeprom of device could lead to memory leak
Summary: CVE-2020-14304 kernel: ethtool when reading eeprom of device could lead to me...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-14304
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1847557 1847596 1847597 1847598 1847599 1847600 1847601 1911198
Blocks: 1837276
TreeView+ depends on / blocked
 
Reported: 2020-06-16 15:10 UTC by Alex
Modified: 2023-05-12 19:40 UTC (History)
49 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
Clone Of:
Environment:
Last Closed: 2020-09-10 21:28:31 UTC
Embargoed:
allarkin: needinfo+

Attachments (Terms of Use)

Description Alex 2020-06-16 15:10:03 UTC 
If running ethtool for reading eeprom of device (param -m or param -e), it can lead to reading some uninitialized values from kernel memory.
However, attacker can just read some unknown values from drivers memory, but cannot control what and where reads and these values related to the driver only. Attacker cannot affect availability and cannot make any other higher impact than such reading.

The rate of issue is low both because need root access for running "ethtool -m/-e" and because it can work only for some specific network drivers.

The suggested patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702#70
Comment 2 Alex 2020-06-16 15:41:26 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1847557]
Comment 6 Alex 2020-06-17 18:48:52 UTC 
Statement:

This issue is rated as having Low impact because of being limited to only reading some of the values from the memory of some particular drivers and very limited kernel stack exposure.
Comment 7 Alex 2020-06-17 18:48:56 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 10 Petr Matousek 2020-06-24 12:23:43 UTC 
External References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702
Note You need to log in before you can comment on or make changes to this bug.