Bug 1881424 (CVE-2020-25641) - CVE-2020-25641 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS
Summary: CVE-2020-25641 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-25641
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1882436 1882437 1872032 1882220 1882221 1882222 1883712 1888859 1889263 1889264
Blocks: 1879956
TreeView+ depends on / blocked
 
Reported: 2020-09-22 11:45 UTC by Michael Kaplan
Modified: 2021-02-16 19:13 UTC (History)
47 users (show)

Fixed In Version: kernel-5.9-rc7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s implementation of biovecs. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2020-11-10 20:21:19 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4431 0 None None None 2020-11-04 00:51:29 UTC
Red Hat Product Errata RHSA-2020:4609 0 None None None 2020-11-04 02:23:59 UTC
Red Hat Product Errata RHSA-2020:5079 0 None None None 2020-11-10 18:05:56 UTC
Red Hat Product Errata RHSA-2020:5374 0 None None None 2020-12-08 10:36:46 UTC
Red Hat Product Errata RHSA-2021:0073 0 None None None 2021-01-12 08:54:23 UTC
Red Hat Product Errata RHSA-2021:0136 0 None None None 2021-01-14 10:30:56 UTC

Description Michael Kaplan 2020-09-22 11:45:17 UTC
A flaw was found in the Linux kernels implementation of biovec usage.  A zero-length biovec request issued to the block subsystem could cause the kernel to enter an infinite loop causing a denial of service. An attacker with a local account can issue requests to a block device can cause a denial of service.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1872032
https://lore.kernel.org/lkml/89F418A9-EB20-48CB-9AE0-52C700E6BB74@lca.pw/

Proposed Fix: 

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e24969022cbd61ddc586f14824fc205661bb124

Comment 8 Wade Mealing 2020-09-30 00:25:40 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1883712]

Comment 9 Justin M. Forbes 2020-09-30 12:24:41 UTC
This was fixed for Fedora with the 5.8.8 stable kernel updates.

Comment 10 Petr Matousek 2020-10-13 15:46:48 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 14 errata-xmlrpc 2020-11-04 00:51:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431

Comment 15 errata-xmlrpc 2020-11-04 02:23:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609

Comment 17 errata-xmlrpc 2020-11-10 18:05:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5079 https://access.redhat.com/errata/RHSA-2020:5079

Comment 18 Product Security DevOps Team 2020-11-10 20:21:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25641

Comment 19 errata-xmlrpc 2020-12-08 10:36:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:5374 https://access.redhat.com/errata/RHSA-2020:5374

Comment 20 errata-xmlrpc 2021-01-12 08:54:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0073 https://access.redhat.com/errata/RHSA-2021:0073

Comment 21 errata-xmlrpc 2021-01-14 10:30:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0136 https://access.redhat.com/errata/RHSA-2021:0136


Note You need to log in before you can comment on or make changes to this bug.