CVE-2020-28974

Опубликовано: 09 нояб. 2020

Источник: redhat

CVSS3: 5

Описание

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.

An out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability.

Меры по смягчению последствий

Add 'nomodeset' option as kernel boot parameter to disable frame buffering in /etc/default/grub, and run 'grub2-mkconfig -o /boot/grub2/grub.cfg' and reboot.

# cat /proc/cmdline BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-147.el8.x86_64 root=/dev/mapper/rhel_rhel8u2--1-root ro crashkernel=auto resume=/dev/mapper/rhel_rhel8u2--1-swap rd.lvm.lv=rhel_rhel8u2-1/root rd.lvm.lv=rhel_rhel8u2-1/swap nomodeset # ls -l /dev/fb* ls: cannot access '/dev/fb*': No such file or directory

The above said mitigation does not so effect for rhel6 kernel , and is only applicable for rhel7/8.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-alt	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Will not fix
Red Hat Enterprise MRG 2	kernel-rt	Will not fix
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2021:1739	18.05.2021
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2021:1578	18.05.2021