Описание
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.
A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. This flaw allows a local user able to groom system memory to cause kernel memory corruption and possible privilege escalation by abusing a race condition in the IO scheduler.
Меры по смягчению последствий
The default io scheduler for Red Hat Enterprise Linux 8 is the mq-deadline scheduler, however it can be configured to any of the available schedulers available on the system on a per-device basis. The schedulers in use can be verified by the block devices entry in sysfs, for example for "sda":
cat /sys/block/sda/queue/scheduler
[mq-deadline] kyber bfq none All block devices in the system will need to be changed to be mitigated. If the system workload requires bfq, this may not be an acceptable workaround however some systems may find changing io schedulers to be an acceptable workaround until system updates can be applied. See https://access.redhat.com/solutions/3756041 for how to configure the io scheduler persistently across system reboots or contact Red Hat Global Support Services.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:2428 | 09.06.2020 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:2427 | 09.06.2020 |
| Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2020:2567 | 15.06.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | kernel | Fixed | RHSA-2020:2429 | 09.06.2020 |
Показывать по
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.
An issue was discovered in the Linux kernel before 5.6.5. There is a u ...
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.
7 High
CVSS3