Bug 1778860 (CVE-2019-19252) - CVE-2019-19252 kernel: vcs_write in drivers/tty/vt/vc_screen.c does not prevent write access to vcsu devices
Summary: CVE-2019-19252 kernel: vcs_write in drivers/tty/vt/vc_screen.c does not preve...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-19252
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1778861
Blocks: 1778862
TreeView+ depends on / blocked
 
Reported: 2019-12-02 16:49 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 20:56 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s virtual console implementation of Unicode usage. This flaw allows a local attacker with permissions on the /dev/vcsu* devices to crash the system or corrupt memory.
Clone Of:
Environment:
Last Closed: 2020-03-23 04:31:50 UTC


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2019-12-02 16:49:21 UTC
A flaw was found in the Linux kernels virtual console system which attempted to implement Unicode support.  The read and write support for Unicode on virtual consoles were implemented with different commits and attempting to write to a virtual console which did not implement Unicode characters could allow for memory corruption and possibly other issues.


Reference and upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=0c9acb1af77a3cb8707e43f45b72c95266903cee

Comment 1 Guilherme de Almeida Suckevicz 2019-12-02 16:51:34 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1778861]

Comment 3 Wade Mealing 2020-03-19 05:42:25 UTC
This flaw is rated as moderate, the attacker requires a local account with permissions to write to the correct device and this could possibly be used to trick the user into doing an action...

Comment 5 Justin M. Forbes 2020-03-19 22:05:21 UTC
This issue was fixed with the 5.3.16 stable kernel updates.

Comment 6 Wade Mealing 2020-03-23 01:50:29 UTC
Mitigation:

At this time there is no workaround that is suitable for a production system that would completely mitigate this flaw.

Comment 9 Product Security DevOps Team 2020-03-23 04:31:50 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-19252


Note You need to log in before you can comment on or make changes to this bug.