Bug 1949560 (CVE-2020-36322) - CVE-2020-36322 kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations
Status: CLOSED ERRATA
Alias: CVE-2020-36322
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1953500 1953501 1953502 1953503 1906908 1949561 1952046 1952047 1952048 2015843 2015976
Blocks: 1949562
Reported: 2021-04-14 14:38 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-01-11 17:31 UTC

Fixed In Version: Linux kernel 5.11-rc1
Doc Text:
A denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system.
Last Closed: 2021-05-18 20:38:49 UTC


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2021:2538 | 0 | None | None | None | 2021-06-23 18:06:29 UTC
Red Hat Product Errata | RHBA-2021:2541 | 0 | None | None | None | 2021-06-24 11:51:51 UTC
Red Hat Product Errata | RHSA-2022:0063 | 0 | None | None | None | 2022-01-11 17:29:58 UTC
Red Hat Product Errata | RHSA-2022:0065 | 0 | None | None | None | 2022-01-11 17:31:26 UTC
Red Hat Product Errata | RHSA-2022:0072 | 0 | None | None | None | 2022-01-11 16:25:34 UTC
Red Hat Product Errata | RHSA-2022:0078 | 0 | None | None | None | 2022-01-11 16:00:53 UTC

Description Guilherme de Almeida Suckevicz 2021-04-14 14:38:00 UTC
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454

Comment 1 Guilherme de Almeida Suckevicz 2021-04-14 14:40:11 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1949561]

Comment 2 Justin M. Forbes 2021-04-14 15:57:05 UTC
This was fixed for Fedora with the 5.10.6 stable kernel updates.

Comment 7 Rohit Keshri 2021-04-21 12:22:26 UTC
Mitigation:

As the FUSE module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

# echo "install fuse /bin/true" >> /etc/modprobe.d/disable-fuse.conf

The system will need to be restarted if the FUSE modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while the FUSE filesystems are in use.

If the system requires this module to work correctly, this mitigation may not be suitable.

If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
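
A check for the mitigation in Comment 7, as an added example that is not part of the original bug report: it reports whether an `install fuse` override is present and whether the module is still loaded, the case in which the comment says a restart is needed. The function names, the state labels, and the acceptance of `/bin/false` alongside `/bin/true` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the modprobe mitigation for CVE-2020-36322.
# Function names and state labels are hypothetical. Paths are parameters so
# the check can run against fixtures; defaults are the usual Linux locations.

# Return 0 if an uncommented "install fuse /bin/true" (or /bin/false, an
# assumed equivalent) override exists in DIR/*.conf.
fuse_install_override() {
    dir=${1:-/etc/modprobe.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*install[[:space:]]+fuse[[:space:]]+/bin/(true|false)([[:space:]]|$)' "$f" && return 0
    done
    return 1
}

# Return 0 if the fuse module is currently loaded (first field of /proc/modules).
# A kernel with FUSE built in does not list it here and is not covered.
fuse_loaded() {
    modules=${1:-/proc/modules}
    awk '$1 == "fuse" { found = 1 } END { exit !found }' "$modules"
}

# Print one of: mitigated | reboot-required | not-mitigated
fuse_mitigation_state() {
    if fuse_install_override "$1"; then
        if fuse_loaded "$2"; then
            echo reboot-required   # override in place, module still resident
        else
            echo mitigated
        fi
    else
        echo not-mitigated
    fi
}

# Stand-alone use: optional args are the modprobe.d directory and modules file.
fuse_mitigation_state "$@"
```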

Comment 13 Rohit Keshri 2021-04-27 05:30:13 UTC
Statement:

This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8.3 and prior versions. RHEL 8.4 and later versions are not affected.

Comment 14 errata-xmlrpc 2021-05-18 13:21:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578

Comment 15 Product Security DevOps Team 2021-05-18 20:38:49 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-36322

Comment 18 errata-xmlrpc 2022-01-11 16:00:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0078 https://access.redhat.com/errata/RHSA-2022:0078

Comment 19 errata-xmlrpc 2022-01-11 16:25:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0072 https://access.redhat.com/errata/RHSA-2022:0072

Comment 20 errata-xmlrpc 2022-01-11 17:29:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0063 https://access.redhat.com/errata/RHSA-2022:0063

Comment 21 errata-xmlrpc 2022-01-11 17:31:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0065 https://access.redhat.com/errata/RHSA-2022:0065

