CVE-2019-20934

Опубликовано: 16 июл. 2020

Источник: redhat

CVSS3: 5.3

Описание

An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.

A flaw was found in the Linux kernel’s implementation of displaying NUMA statistics, where displaying the scheduler statistics could trigger a use-after-free in show_numa_stats() and display the kernel memory to userspace. The highest threat from this vulnerability is to system availability.

Меры по смягчению последствий

As the NUMA features are built-in and enabled by default, the NUMA functionality can be disabled at boot time by providing the kernel parameter, numa=off. The method of providing this parameter depends on the operating system version, see KCS article https://access.redhat.com/solutions/23216. Disabling this feature may have significant performance impacts and the administrator should consider if the performance penalty is a problem. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-alt	Will not fix
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2021:2726	21.07.2021
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2021:2725	21.07.2021
Red Hat Enterprise Linux 7.7 Advanced Update Support	kernel	Fixed	RHSA-2021:3987	26.10.2021
Red Hat Enterprise Linux 7.7 Telco Extended Update Support	kernel	Fixed	RHSA-2021:3987	26.10.2021
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions	kernel	Fixed	RHSA-2021:3987	26.10.2021