Bug 1930246 (CVE-2020-12362) - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
Summary: CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-12362
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1930247 1934410 1934417 1934418 1935271 1935272 1935273 1935274 1935275 1935276 1935277 1935278 1935279 1935280 1935281 1935282 1935283 1935284 1935285 1935286 1935287 1935288 1935289 1935290 1935291 1935292 1935293 1935294 1935295 1935296 1935298
Blocks: 1930256
TreeView+ depends on / blocked
 
Reported: 2021-02-18 15:05 UTC by Pedro Sampaio
Modified: 2022-04-17 21:10 UTC (History)
46 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-05-18 20:38:32 UTC
Embargoed:


Attachments (Terms of Use)
disable the fw loading on i915 option. (1.33 KB, patch)
2021-04-19 04:06 UTC, Dave Airlie
no flags Details | Diff
alternate patch to just print a dmesg warning if enable_guc is used on older kernels. (1.30 KB, patch)
2021-04-22 01:09 UTC, Dave Airlie
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:2362 0 None None None 2021-06-09 11:51:37 UTC
Red Hat Product Errata RHBA-2021:2538 0 None None None 2021-06-23 18:06:28 UTC
Red Hat Product Errata RHBA-2021:2541 0 None None None 2021-06-24 11:51:51 UTC
Red Hat Product Errata RHSA-2021:2293 0 None None None 2021-06-08 14:43:43 UTC
Red Hat Product Errata RHSA-2021:2314 0 None None None 2021-06-08 22:31:29 UTC
Red Hat Product Errata RHSA-2021:2316 0 None None None 2021-06-08 22:32:57 UTC
Red Hat Product Errata RHSA-2021:2355 0 None None None 2021-06-09 09:27:42 UTC
Red Hat Product Errata RHSA-2021:2523 0 None None None 2021-06-22 17:37:08 UTC
Red Hat Product Errata RHSA-2021:2735 0 None None None 2021-07-20 20:54:24 UTC

Description Pedro Sampaio 2021-02-18 15:05:19 UTC
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html

Comment 1 Pedro Sampaio 2021-02-18 15:06:31 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1930247]

Comment 3 Justin M. Forbes 2021-02-18 22:55:21 UTC
This was fixed for Fedora with the 5.5 stable kernel updates.

Comment 6 Petr Matousek 2021-03-03 08:28:23 UTC
Created linux-firmware tracking bugs for this issue:

Affects: fedora-all [bug 1934418]

Comment 9 Petr Matousek 2021-03-04 14:57:28 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 12 Dave Airlie 2021-04-19 04:06:39 UTC
Created attachment 1773173 [details]
disable the fw loading on i915 option.

Comment 13 Dave Airlie 2021-04-19 04:23:06 UTC
By default out of the box we are not affected by this bug. We don't enable GUC fw loading/submission on any platforms by default yet AFAICS.

The only way to enable GuC fw loading is to pass i915.enable_guc on the command line. So by default there is no need to mitigate this. Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this.

I think we can fix this for the newer kernels fine, but I'm not sure it's worth fixing it for too many of the older ones. The patch I've attached just completely blocks passing the enable_guc command line parameter and prints a warning if it is.

Comment 16 Petr Matousek 2021-04-20 09:30:04 UTC
Statement:

Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this issue.

To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.

Comment 18 Dave Airlie 2021-04-22 01:09:06 UTC
Created attachment 1774212 [details]
alternate patch to just print a dmesg warning if enable_guc is used on older kernels.

Comment 20 errata-xmlrpc 2021-05-18 13:21:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578

Comment 21 errata-xmlrpc 2021-05-18 13:45:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1620 https://access.redhat.com/errata/RHSA-2021:1620

Comment 22 errata-xmlrpc 2021-05-18 14:41:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739

Comment 23 Product Security DevOps Team 2021-05-18 20:38:32 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12362

Comment 24 errata-xmlrpc 2021-05-25 15:54:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2106 https://access.redhat.com/errata/RHSA-2021:2106

Comment 25 errata-xmlrpc 2021-06-01 08:45:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:2164 https://access.redhat.com/errata/RHSA-2021:2164

Comment 26 errata-xmlrpc 2021-06-01 16:04:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2190 https://access.redhat.com/errata/RHSA-2021:2190

Comment 27 errata-xmlrpc 2021-06-02 00:46:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2185 https://access.redhat.com/errata/RHSA-2021:2185

Comment 28 errata-xmlrpc 2021-06-08 14:43:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:2293 https://access.redhat.com/errata/RHSA-2021:2293

Comment 29 errata-xmlrpc 2021-06-08 22:31:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2314 https://access.redhat.com/errata/RHSA-2021:2314

Comment 30 errata-xmlrpc 2021-06-08 22:32:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2316 https://access.redhat.com/errata/RHSA-2021:2316

Comment 31 errata-xmlrpc 2021-06-09 09:27:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:2355 https://access.redhat.com/errata/RHSA-2021:2355

Comment 33 errata-xmlrpc 2021-06-22 17:36:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:2523 https://access.redhat.com/errata/RHSA-2021:2523

Comment 39 errata-xmlrpc 2021-07-20 20:54:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2021:2735 https://access.redhat.com/errata/RHSA-2021:2735


Note You need to log in before you can comment on or make changes to this bug.