Bug 1846380 (CVE-2020-10773) - CVE-2020-10773 kernel: kernel stack information leak on s390/s390x
Summary: CVE-2020-10773 kernel: kernel stack information leak on s390/s390x
Alias: CVE-2020-10773
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1846531 1846532 1846533 1846534 1846535 1846536
Blocks: 1766285
TreeView+ depends on / blocked
Reported: 2020-06-11 13:17 UTC by Alex
Modified: 2021-02-16 19:53 UTC (History)
48 users (show)

Fixed In Version: kernel-5.4-rc6
Doc Type: If docs needed, set a value
Doc Text:
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
Clone Of:
Last Closed: 2020-11-04 02:25:46 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4431 0 None None None 2020-11-04 00:51:19 UTC

Description Alex 2020-06-11 13:17:50 UTC
In function cmm_timeout_hander in file arch/s390/mm/cmm.c, there is a logic error which set null byte too far away from user input which means user input won't be null terminated. And then, kernel stack data will be concatenated with user input and be processed. By querying the result, attacker is able to see the kernel data.
This is linux kernel stack information leak on s390/s390x (and it is actual both for s390, ppc64 and ppc64le platforms).

Comment 3 Alex 2020-06-11 19:40:02 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1846531]

Comment 5 Alex 2020-06-11 19:51:45 UTC

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 9 Petr Matousek 2020-06-17 12:39:00 UTC

This issue is rated as having Low impact because of being limited to only s390 architecture and very limited kernel stack exposure.

Comment 11 Justin M. Forbes 2020-10-08 18:53:27 UTC
This was fixed for Fedora with the 5.3.9 stable kernel updates.

Comment 12 Rakesh 2020-10-28 04:16:21 UTC
/arch/s390/mm/cmm.c and /proc/sys/vm/cmm_timeout does not exists is RHEL 6 , kernel-2.6.32-754.35.1.el6.x86_64
Is RHEL 6 unaffected by this flaw?

Comment 13 Petr Matousek 2020-10-28 11:16:43 UTC

In reply to comment #12:
> /arch/s390/mm/cmm.c and /proc/sys/vm/cmm_timeout does not exists is RHEL 6 ,
> kernel-2.6.32-754.35.1.el6.x86_64
> Is RHEL 6 unaffected by this flaw?

this issue is out of support scope for both Red Hat Enterprise Linux 5 and 6. As such, we haven't performed the investigation on these product versions. Our metadata were saying the contrary, I fixed that.

Sorry for the confusion.

Best regards,
Petr Matousek / Red Hat Product Security

Comment 14 errata-xmlrpc 2020-11-04 00:51:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431

Comment 15 Product Security DevOps Team 2020-11-04 02:25:46 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Note You need to log in before you can comment on or make changes to this bug.