A flaw was found in the Linux kernel's implementation of biovec usage. A zero-length biovec request issued to the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. An attacker with a local account who can issue requests to a block device can cause a denial of service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1872032
https://lore.kernel.org/lkml/89F418A9-EB20-48CB-9AE0-52C700E6BB74@lca.pw/

Proposed Fix:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124
External References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124
https://www.kernel.org/doc/html/latest/block/biovecs.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1883712]
This was fixed for Fedora with the 5.8.8 stable kernel updates.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5079 https://access.redhat.com/errata/RHSA-2020:5079
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25641
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:5374 https://access.redhat.com/errata/RHSA-2020:5374
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0073 https://access.redhat.com/errata/RHSA-2021:0073
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0136 https://access.redhat.com/errata/RHSA-2021:0136