A vulnerability was found in the kernel, in the "Intel OPA Gen1 adapter" (CONFIG_INFINIBAND_HFI1). For kernel versions after these two commits, e0cf75deab81 ("IB/hfi1: Fix mm_struct use after free") and 3faa3d9a308e ("IB/hfi1: Make use of mm consistent"), there is a potential problem where, if a child process with access to the parent's file handle calls an IOCTL, write, or close, the value of the mm will be that of the parent, not the child process. This can lead to a use-after-free security issue.
The patch is: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/infiniband/hw/hfi1/mmu_rb.c?id=3d2a9d642512c21a12d19b9250e7a835dcb41a79
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1906122]
This was fixed for Fedora with the 5.9.12 stable kernel updates.
Statement: This flaw is rated as having a Moderate impact because the issue can only be triggered by an authorized local user with access to a system with specific hardware present.
Mitigation: To mitigate this issue, prevent the module hfi1 from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to denylist a kernel module to prevent it from loading automatically.
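The mitigation above can be audited with a short script. This is an added example, not part of the original bug report. It assumes the standard modprobe.d directive forms `blacklist hfi1` and `install hfi1 /bin/false`; the function names and status words are illustrative.

```shell
#!/bin/sh
# Added example: audit the hfi1 denylist mitigation (function names are illustrative).
# Paths are arguments so the check also runs against a constructed test tree.

# hfi1_loaded FILE: true if hfi1 is the module name (field 1) in a /proc/modules-style file.
hfi1_loaded() {
    awk '$1 == "hfi1" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# hfi1_has_directive KEYWORD DIR...: true if an uncommented "KEYWORD hfi1" line exists
# in any DIR/*.conf. For "install", the command must be /bin/false or /bin/true.
hfi1_has_directive() {
    kw=$1; shift
    for d in "$@"; do
        for f in "$d"/*.conf; do
            [ -f "$f" ] || continue
            if awk -v kw="$kw" '
                $1 == kw && $2 == "hfi1" &&
                (kw != "install" || $3 ~ /^(\/usr)?\/bin\/(false|true)$/) { found = 1 }
                END { exit !found }' "$f"; then
                return 0
            fi
        done
    done
    return 1
}

# hfi1_mitigation_status MODULES_FILE DIR...: prints one status word.
#   LOADED      module is in memory now; a denylist only applies after unload or reboot
#   BLOCKED     "install hfi1 /bin/false" present: modprobe hfi1 no longer loads the module
#   DENYLISTED  only "blacklist hfi1": alias autoload is stopped, explicit modprobe still works
#   UNMITIGATED no directive found
hfi1_mitigation_status() {
    mods=$1; shift
    if hfi1_loaded "$mods"; then
        echo LOADED
    elif hfi1_has_directive install "$@"; then
        echo BLOCKED
    elif hfi1_has_directive blacklist "$@"; then
        echo DENYLISTED
    else
        echo UNMITIGATED
    fi
}

# Live-system check over the standard modprobe.d search directories.
hfi1_mitigation_status /proc/modules /etc/modprobe.d /run/modprobe.d \
    /usr/local/lib/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d
```

A `DENYLISTED` result means the module can still be loaded by an explicit `modprobe hfi1`, so hosts that must not run the driver should report `BLOCKED`.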
This issue has been addressed in the following products: Red Hat Enterprise Linux 8, via RHSA-2021:1578 (https://access.redhat.com/errata/RHSA-2021:1578)
This issue has been addressed in the following products: Red Hat Enterprise Linux 8, via RHSA-2021:1739 (https://access.redhat.com/errata/RHSA-2021:1739)
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27835