Bug 1899177 (CVE-2020-28915) - CVE-2020-28915 kernel: out-of-bounds read in fbcon_get_font function
Summary: CVE-2020-28915 kernel: out-of-bounds read in fbcon_get_font function
Keywords:
Status: NEW
Alias: CVE-2020-28915
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1904374 1904376 2064762 2076348 1899178 1904373 1904375 1904377
Blocks: 1899179
TreeView+ depends on / blocked
 
Reported: 2020-11-18 16:43 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-04-23 08:29 UTC (History)
47 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds (OOB) memory access flaw was found in fbcon_get_font() in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A bound check failure allows a local attacker with special user privilege to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to integrity and system availability.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-11-18 16:43:35 UTC
An out-of-bounds (OOB) memory access flaw was found in fbcon_get_font() in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A bound check failure may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

Reference:
https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd

Comment 1 Guilherme de Almeida Suckevicz 2020-11-18 16:45:00 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1899178]

Comment 2 Justin M. Forbes 2020-11-18 17:39:09 UTC
This was fixed for Fedora with the 5.8.15 stable kernel updates.

Comment 10 Rohit Keshri 2020-12-12 17:17:08 UTC
Mitigation:

Add 'nomodeset' option as kernel boot parameter to disable frame buffering (edit /etc/default/grub, and run 'grub2-mkconfig -o /boot/grub2/grub.cfg' and reboot).
~~~
# cat /proc/cmdline 
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-147.el8.x86_64 root=/dev/mapper/rhel_rhel8u2--1-root ro crashkernel=auto resume=/dev/mapper/rhel_rhel8u2--1-swap rd.lvm.lv=rhel_rhel8u2-1/root rd.lvm.lv=rhel_rhel8u2-1/swap nomodeset

# ls -l /dev/fb*
ls: cannot access '/dev/fb*': No such file or directory
~~~


Note You need to log in before you can comment on or make changes to this bug.