Bug 1901161 (CVE-2020-15437) - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c
Summary: CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-15437
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1901162 Red Hat1903272 Red Hat1905052 Red Hat1905053
Blocks: Embargoed1901164
TreeView+ depends on / blocked
 
Reported: 2020-11-24 16:19 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-06-24 11:51 UTC (History)
45 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the Linux kernel’s UART 8250 functionality, in the way certain hardware architectures handled situations where default ports (0x2E8, 0x2F8, 0x3E8, 0x3F8) are not available. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-05-18 20:37:16 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:2538 0 None None None 2021-06-23 18:06:12 UTC
Red Hat Product Errata RHBA-2021:2541 0 None None None 2021-06-24 11:51:29 UTC

Description Guilherme de Almeida Suckevicz 2020-11-24 16:19:06 UTC 
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.

Reference:
https://lkml.org/lkml/2020/7/21/80
Comment 1 Guilherme de Almeida Suckevicz 2020-11-24 16:20:59 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1901162]
Comment 2 Justin M. Forbes 2020-11-25 14:42:38 UTC 
This was fixed for Fedora with the 5.7.11 stable kernel updates.
Comment 4 Alex 2020-12-01 18:02:48 UTC 
Statement:

This flaw is rated as having a Moderate impact because the issue can only be triggered by an authorized local user in the tty or in the dialout group.
Comment 8 errata-xmlrpc 2021-05-18 13:20:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578
Comment 9 errata-xmlrpc 2021-05-18 14:40:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739
Comment 10 Product Security DevOps Team 2021-05-18 20:37:16 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-15437
Note You need to log in before you can comment on or make changes to this bug.