A flaw was found in Intel graphics hardware (GPU) where a local attacker with the ability to issue an ioctl could trigger a hardware-level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected displays will remain unusable until a reboot occurs. Intel plans to release BIOS firmware which, along with updates supplied by Red Hat, should mitigate this vulnerability. Some older hardware will not have a BIOS firmware update and will rely on operating system level protection to prevent access while the device is in low-power states.
Mitigation: Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required.
Acknowledgments: Name: Intel
Statement: Intel plans to release BIOS firmware to correct this issue. Red Hat's kernel update should mitigate this vulnerability. Some older hardware will not have a BIOS firmware update and will rely on operating system level protection to prevent access while the device is in low-power states. For more information see https://access.redhat.com/solutions/i915-graphics
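To verify the module-disable mitigation described above, the following added example (not Red Hat's or Intel's code) checks whether i915 is currently loaded and whether modprobe configuration actually prevents loading it. The function names are hypothetical, and the sketch assumes the standard modprobe.d `blacklist` and `install` directives.

```shell
#!/bin/sh
# Added example: audit the "do not load i915" mitigation. Function names are
# hypothetical; file and directory paths are arguments so fixtures can be used.

# Print "yes" if a /proc/modules-format file lists i915 as loaded, else "no".
i915_loaded() {
    if awk '$1 == "i915" { hit = 1 } END { exit !hit }' "$1" 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Scan modprobe.d-style directories for i915 directives and print one of:
#   blocked        "install i915 /bin/true|/bin/false": modprobe runs that
#                  command instead of loading the module
#   blacklist-only "blacklist i915" alone: alias-based autoloading is
#                  suppressed, but an explicit "modprobe i915" still works
#   none           no directive found
i915_modprobe_state() {
    state=none
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            r=$(awk '
                /^[ \t]*#/ { next }   # skip comment lines
                $1 == "install" && $2 == "i915" &&
                    ($3 == "/bin/true" || $3 == "/bin/false") { inst = 1 }
                $1 == "blacklist" && $2 == "i915" { bl = 1 }
                END { print (inst ? "blocked" : (bl ? "blacklist-only" : "none")) }
            ' "$f")
            if [ "$r" = blocked ]; then
                state=blocked
            elif [ "$r" = blacklist-only ] && [ "$state" = none ]; then
                state=blacklist-only
            fi
        done
    done
    echo "$state"
}

# Verdict for the module-disable mitigation only (says nothing about patches).
i915_audit() {
    proc=$1; shift
    if [ "$(i915_loaded "$proc")" = yes ]; then
        echo loaded
    elif [ "$(i915_modprobe_state "$@")" = blocked ]; then
        echo blocked
    else
        echo loadable
    fi
}
```

On a live host, call it as `i915_audit /proc/modules /etc/modprobe.d /usr/lib/modprobe.d /run/modprobe.d`; only the `blocked` verdict means the mitigation is in effect.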
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1771642]
External References: https://access.redhat.com/solutions/i915-graphics https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3833 https://access.redhat.com/errata/RHSA-2019:3833
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3835 https://access.redhat.com/errata/RHSA-2019:3835
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3832 https://access.redhat.com/errata/RHSA-2019:3832
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:3837 https://access.redhat.com/errata/RHSA-2019:3837
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:3838 https://access.redhat.com/errata/RHSA-2019:3838
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3834 https://access.redhat.com/errata/RHSA-2019:3834
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3836 https://access.redhat.com/errata/RHSA-2019:3836
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Telco Extended Update Support; Red Hat Enterprise Linux 7.2 Advanced Update Support; Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Via RHSA-2019:3841 https://access.redhat.com/errata/RHSA-2019:3841
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:3844 https://access.redhat.com/errata/RHSA-2019:3844
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support; Red Hat Enterprise Linux 7.3 Advanced Update Support; Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Via RHSA-2019:3840 https://access.redhat.com/errata/RHSA-2019:3840
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support; Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.4 Telco Extended Update Support. Via RHSA-2019:3839 https://access.redhat.com/errata/RHSA-2019:3839
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0154
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204