Bug 1715494 (CVE-2019-12380) - CVE-2019-12380 kernel: memory allocation failure in the efi subsystem leads to denial of service
Summary: CVE-2019-12380 kernel: memory allocation failure in the efi subsystem leads t...
Keywords:
Status: NEW
Alias: CVE-2019-12380
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1715495
Blocks: 1715561
TreeView+ depends on / blocked
 
Reported: 2019-05-30 13:47 UTC by msiddiqu
Modified: 2019-11-28 15:03 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's implementation of UEFI. An attacker who can influence early-boot memory initialization could possibly influence firmware initialization and memory allocations, resulting in a panic of a guest or target system during early boot of that same system.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description msiddiqu 2019-05-30 13:47:13 UTC
An issue was discovered in the efi subsystem in the Linux kernel in the function phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.

This particular attack is somewhat contrived and difficult to execute.  It would require an attacker to be able to create memory failures during early boot phase on platforms such as a virtual machine host. This may allow for the kernel in the guest to incorrectly map memory and possibly allow an local (in guest)  attacker to then further escalate privileges on the affected guest.  Red Hat product security finds this situation very unlikely.

Upstream patch: 

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e

Discussion:
https://lkml.org/lkml/2019/5/22/1378

Comment 1 msiddiqu 2019-05-30 13:47:34 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1715495]


Note You need to log in before you can comment on or make changes to this bug.