Bug 1881424 (CVE-2020-25641) - CVE-2020-25641 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
Summary: CVE-2020-25641 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-25641
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1882436 1882437 1872032 1882220 1882221 1882222 1883712 1888859 1889263 1889264
Blocks: 1879956
TreeView+ depends on / blocked
 
Reported: 2020-09-22 11:45 UTC by Michael Kaplan
Modified: 2024-03-25 16:33 UTC (History)
47 users (show)

Fixed In Version: kernel-5.9-rc7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s implementation of biovecs. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2020-11-10 20:21:19 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4431 0 None None None 2020-11-04 00:51:29 UTC
Red Hat Product Errata RHSA-2020:4609 0 None None None 2020-11-04 02:23:59 UTC
Red Hat Product Errata RHSA-2020:5079 0 None None None 2020-11-10 18:05:56 UTC
Red Hat Product Errata RHSA-2020:5374 0 None None None 2020-12-08 10:36:46 UTC
Red Hat Product Errata RHSA-2021:0073 0 None None None 2021-01-12 08:54:23 UTC
Red Hat Product Errata RHSA-2021:0136 0 None None None 2021-01-14 10:30:56 UTC

Description Michael Kaplan 2020-09-22 11:45:17 UTC 
A flaw was found in the Linux kernels implementation of biovec usage.  A zero-length biovec request issued to the block subsystem could cause the kernel to enter an infinite loop causing a denial of service. An attacker with a local account can issue requests to a block device can cause a denial of service.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1872032
https://lore.kernel.org/lkml/89F418A9-EB20-48CB-9AE0-52C700E6BB74@lca.pw/

Proposed Fix: 

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124
Comment 1 Wade Mealing 2020-09-24 05:05:04 UTC 
External References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124
https://www.kernel.org/doc/html/latest/block/biovecs.html
Comment 8 Wade Mealing 2020-09-30 00:25:40 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1883712]
Comment 9 Justin M. Forbes 2020-09-30 12:24:41 UTC 
This was fixed for Fedora with the 5.8.8 stable kernel updates.
Comment 10 Petr Matousek 2020-10-13 15:46:48 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 14 errata-xmlrpc 2020-11-04 00:51:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
Comment 15 errata-xmlrpc 2020-11-04 02:23:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609
Comment 17 errata-xmlrpc 2020-11-10 18:05:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5079 https://access.redhat.com/errata/RHSA-2020:5079
Comment 18 Product Security DevOps Team 2020-11-10 20:21:19 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25641
Comment 19 errata-xmlrpc 2020-12-08 10:36:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:5374 https://access.redhat.com/errata/RHSA-2020:5374
Comment 20 errata-xmlrpc 2021-01-12 08:54:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0073 https://access.redhat.com/errata/RHSA-2021:0073
Comment 21 errata-xmlrpc 2021-01-14 10:30:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0136 https://access.redhat.com/errata/RHSA-2021:0136
Note You need to log in before you can comment on or make changes to this bug.