Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1930247]
This was fixed for Fedora with the 5.5 stable kernel updates.
Upstream fixes are combination of firmware and kernel update: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c784e5249e773689e38d2bc1749f08b986621a26
Created linux-firmware tracking bugs for this issue: Affects: fedora-all [bug 1934418]
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Created attachment 1773173 [details] disable the fw loading on i915 option.
By default out of the box we are not affected by this bug. We don't enable GUC fw loading/submission on any platforms by default yet AFAICS. The only way to enable GuC fw loading is to pass i915.enable_guc on the command line. So by default there is no need to mitigate this. Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this. I think we can fix this for the newer kernels fine, but I'm not sure it's worth fixing it for too many of the older ones. The patch I've attached just completely blocks passing the enable_guc command line parameter and prints a warning if it is.
Statement: Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this issue. To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.
Created attachment 1774212 [details] alternate patch to just print a dmesg warning if enable_guc is used on older kernels.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1620 https://access.redhat.com/errata/RHSA-2021:1620
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12362
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2106 https://access.redhat.com/errata/RHSA-2021:2106
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:2164 https://access.redhat.com/errata/RHSA-2021:2164
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2190 https://access.redhat.com/errata/RHSA-2021:2190
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2185 https://access.redhat.com/errata/RHSA-2021:2185
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2021:2293 https://access.redhat.com/errata/RHSA-2021:2293
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2314 https://access.redhat.com/errata/RHSA-2021:2314
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2316 https://access.redhat.com/errata/RHSA-2021:2316
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2021:2355 https://access.redhat.com/errata/RHSA-2021:2355
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:2523 https://access.redhat.com/errata/RHSA-2021:2523
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2021:2735 https://access.redhat.com/errata/RHSA-2021:2735