Bug 1888726 (CVE-2020-25656) - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl
Summary: CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl
Keywords:
Status: NEW
Alias: CVE-2020-25656
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1896773 1896774 1896775 1896776 1896777 1897134
Blocks: 1888621
Reported: 2020-10-15 15:21 UTC by msiddiqu
Modified: 2020-11-17 19:49 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem used the KDGKBSENT and KDSKBSENT ioctls. A local user could use this flaw to gain out-of-bounds read access to memory. The highest threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed:



Description msiddiqu 2020-10-15 15:21:26 UTC
A flaw was found in the Linux kernel, where a race in KDGKBSENT and KDSKBSENT leads to a use-after-free read in vt_do_kdgkb_ioctl.

References: 
 
https://groups.google.com/g/syzkaller-bugs/c/kZsmxkpq3UI/m/J35PFexWBgAJ?pli=1

Comment 1 msiddiqu 2020-10-19 04:37:37 UTC
References:

https://www.openwall.com/lists/oss-security/2020/10/16/1

Comment 4 Alex 2020-11-11 14:13:44 UTC
Statement:

This issue is rated as having Moderate impact because of the attack scenario limitation where only a local user with access to the VT console can trigger this issue.

Comment 5 Alex 2020-11-11 14:13:51 UTC
External References:

https://lkml.org/lkml/2020/10/29/528
https://lkml.org/lkml/2020/10/16/84

Comment 7 Petr Matousek 2020-11-12 12:11:09 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1897134]

Comment 8 Fedora Update System 2020-11-16 01:09:02 UTC
FEDORA-2020-98ccae320c has been pushed to the Fedora 33 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 9 Fedora Update System 2020-11-16 01:12:45 UTC
FEDORA-2020-e211716d08 has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.

