Bug 1781810 (CVE-2019-19543) - CVE-2019-19543 kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c
Summary: CVE-2019-19543 kernel: use-after-free in serial_ir_init_module() in drivers/m...
Keywords:
Status: NEW
Alias: CVE-2019-19543
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1802396 1802397 1781811 1802398
Blocks: 1781812
TreeView+ depends on / blocked
 
Reported: 2019-12-10 16:11 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-07-23 22:56 UTC (History)
47 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s infrared serial module. An attacker could use this flaw to corrupt memory and possibly escalate privileges.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2019-12-10 16:11:24 UTC
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

Reference and upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56cd26b618855c9af48c8301aa6754ced8dd0beb

Comment 1 Guilherme de Almeida Suckevicz 2019-12-10 16:12:15 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1781811]

Comment 2 Justin M. Forbes 2019-12-11 18:18:05 UTC
This was fixed for Fedora with the 5.1.6 stable kernel update.

Comment 5 Wade Mealing 2020-02-13 04:05:05 UTC
So, I'm rating this moderate, because:

:- only able to be triggered during the failure to load the module
:- triggerable only during the load of the module ( administrative privileges required).

This doesn't qualify for Z stream/EUS fixes but if you have hardware / a situation that this can be triggered on, I'd be willing to change my mind.

Comment 7 Wade Mealing 2020-02-13 04:40:22 UTC
Mitigation:


As the  module will be auto-loaded when the relevant hardware is required, its use can be disabled  by preventing the module from loading with the following instructions:

# echo "install serial_ir  /bin/true" >> /etc/modprobe.d/disable-serial-ir.conf 
 
The system will need to be restarted if the CIFS modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.

If the system requires this module to work correctly, this mitigation may not be suitable.

If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.


Note You need to log in before you can comment on or make changes to this bug.