Bug 1834845 (CVE-2020-12770) - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case
Summary: CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-12770
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1834847 1838784 1840699 1840700 1840701 1840702 1840703 1888689 1894473 1894474 1894475 1894476
Blocks: 1834848
TreeView+ depends on / blocked
 
Reported: 2020-05-12 14:15 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-03-25 15:55 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem.
Clone Of:
Environment:
Last Closed: 2020-09-29 22:00:49 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4060 0 None None None 2020-09-29 20:54:14 UTC
Red Hat Product Errata RHSA-2020:4062 0 None None None 2020-09-29 18:59:56 UTC
Red Hat Product Errata RHSA-2020:4431 0 None None None 2020-11-04 00:51:13 UTC
Red Hat Product Errata RHSA-2020:4609 0 None None None 2020-11-04 02:23:39 UTC
Red Hat Product Errata RHSA-2020:5206 0 None None None 2020-11-25 13:07:01 UTC
Red Hat Product Errata RHSA-2020:5430 0 None None None 2020-12-15 08:55:32 UTC
Red Hat Product Errata RHSA-2020:5656 0 None None None 2020-12-22 09:32:44 UTC

Description Guilherme de Almeida Suckevicz 2020-05-12 14:15:07 UTC 
A vulnerability was found in sg_write in drivers/scsi/sg.c in  SCSI generic (sg) driver subsystem. An attacker with a local access and special user privilege (or root) can cause a denial of service (DoS) if allocated list is not cleaned with invalid (Sg_fd * sfp) pointer at the time of failure, failing this can even cause a kernel internal information leak problem.

Reference and upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee
Comment 1 Guilherme de Almeida Suckevicz 2020-05-12 14:16:18 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1834847]
Comment 9 RaTasha Tillery-Smith 2020-06-10 11:57:40 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 10 errata-xmlrpc 2020-09-29 18:59:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
Comment 11 errata-xmlrpc 2020-09-29 20:54:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060
Comment 12 Product Security DevOps Team 2020-09-29 22:00:49 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12770
Comment 13 errata-xmlrpc 2020-11-04 00:51:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
Comment 14 errata-xmlrpc 2020-11-04 02:23:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609
Comment 18 errata-xmlrpc 2020-11-24 10:55:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:5206 https://access.redhat.com/errata/RHSA-2020:5206
Comment 19 errata-xmlrpc 2020-12-15 08:55:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:5430 https://access.redhat.com/errata/RHSA-2020:5430
Comment 20 errata-xmlrpc 2020-12-22 09:32:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:5656 https://access.redhat.com/errata/RHSA-2020:5656
Note You need to log in before you can comment on or make changes to this bug.