Bug 1834845 (CVE-2020-12770) - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case
Summary: CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a...
Keywords:
Status: NEW
Alias: CVE-2020-12770
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1838784 1840699 1840701 1840702 1834847 1840700 1840703
Blocks: 1834848
TreeView+ depends on / blocked
 
Reported: 2020-05-12 14:15 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-07-07 14:57 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-05-12 14:15:07 UTC
A vulnerability was found in sg_write in drivers/scsi/sg.c in  SCSI generic (sg) driver subsystem. An attacker with a local access and special user privilege (or root) can cause a denial of service (DoS) if allocated list is not cleaned with invalid (Sg_fd * sfp) pointer at the time of failure, failing this can even cause a kernel internal information leak problem.

Reference and upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee

Comment 1 Guilherme de Almeida Suckevicz 2020-05-12 14:16:18 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1834847]

Comment 9 RaTasha Tillery-Smith 2020-06-10 11:57:40 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


Note You need to log in before you can comment on or make changes to this bug.