Описание
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
An information disclosure flaw was found in the Linux kernel. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an attached i915 device. The highest threat from this vulnerability is to data confidentiality.
Отчет
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7, and 8 may address this issue. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise MRG 2.
Меры по смягчению последствий
Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See the kcs “How do I blacklist a kernel module to prevent it from loading automatically?“ (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module from autoloading. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if the graphical login functionality is required.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2021:4140 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2021:4356 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
Insufficient control flow in certain data structures for some Intel(R) ...
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
Уязвимость микропрограммного обеспечения процессоров Intel c Intel Processor Graphics, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.5 Medium
CVSS3