Bug 1930251 (CVE-2020-12364) - CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Drivers
Summary: CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Dri...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-12364
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1930253 1934412 1935230 1935231 1935233 1935234 1935235 1935236 1935237 1935256 1935257 1935277 1935281 1935284 1935286 1935296
Blocks: 1930256
TreeView+ depends on / blocked
 
Reported: 2021-02-18 15:11 UTC by Pedro Sampaio
Modified: 2022-04-17 21:10 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Null pointer reference in some Intel(R) Graphics Drivers for Microsoft Windows and the Linux kernel may allow a privileged user to potentially enable a denial of service via local access.
Clone Of:
Environment:
Last Closed: 2021-06-02 17:32:09 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:2362 0 None None None 2021-06-09 11:51:48 UTC
Red Hat Product Errata RHSA-2021:2314 0 None None None 2021-06-08 22:31:38 UTC
Red Hat Product Errata RHSA-2021:2316 0 None None None 2021-06-08 22:33:06 UTC

Description Pedro Sampaio 2021-02-18 15:11:50 UTC 
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
Comment 1 Pedro Sampaio 2021-02-18 15:12:56 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1930253]
Comment 2 Justin M. Forbes 2021-02-18 23:00:22 UTC 
This was fixed for fedora with the 5.5.x stable kernel rebases.
Comment 3 Petr Matousek 2021-03-03 08:06:07 UTC 
Upstream fixes are combination of firmware and kernel update:

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c784e5249e773689e38d2bc1749f08b986621a26
Comment 5 Petr Matousek 2021-03-03 08:09:44 UTC 
External References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
Comment 7 Petr Matousek 2021-03-04 14:57:08 UTC 
Statement:

To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.
Comment 8 Petr Matousek 2021-03-04 14:57:12 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 9 Petr Matousek 2021-03-04 14:58:04 UTC 
Created linux-firmware tracking bugs for this issue:

Affects: fedora-all [bug 1935256]
Comment 22 Product Security DevOps Team 2021-06-02 17:32:09 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12364
Comment 23 errata-xmlrpc 2021-06-08 22:31:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2314 https://access.redhat.com/errata/RHSA-2021:2314
Comment 24 errata-xmlrpc 2021-06-08 22:33:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2316 https://access.redhat.com/errata/RHSA-2021:2316
Note You need to log in before you can comment on or make changes to this bug.