{
  "threat_severity" : "Moderate",
  "public_date" : "2019-11-12T18:00:00Z",
  "bugzilla" : {
    "description" : "hw: Intel GPU Denial Of Service while accessing MMIO in lower power state",
    "id" : "1724393",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1724393"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-284",
  "details" : [ "Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.", "A flaw was found in Intel graphics hardware (GPU) where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected displays will remain unusable until a reboot occurs." ],
  "statement" : "Intel plans to release BIOS firmware to correct this issue. Red Hat's kernel update should mitigate this vulnerability. Some older hardware will not have a BIOS firmware update and will rely on operating-system-level protection to prevent access while the device is in low-power states. For more information, see https://access.redhat.com/solutions/i915-graphics",
  "acknowledgement" : "Red Hat would like to thank Intel for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3836",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-754.24.2.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3835",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1062.4.2.rt56.1028.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3834",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1062.4.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3841",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "kernel-0:3.10.0-327.82.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Telco Extended Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3841",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.2",
    "package" : "kernel-0:3.10.0-327.82.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3841",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.2",
    "package" : "kernel-0:3.10.0-327.82.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3840",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "kernel-0:3.10.0-514.70.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3840",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.3",
    "package" : "kernel-0:3.10.0-514.70.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3840",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.3",
    "package" : "kernel-0:3.10.0-514.70.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3839",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "kernel-0:3.10.0-693.60.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3839",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "kernel-0:3.10.0-693.60.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3839",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "kernel-0:3.10.0-693.60.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3838",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "kernel-0:3.10.0-862.43.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3837",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "kernel-0:3.10.0-957.38.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3833",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-147.0.2.rt24.94.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3832",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-147.0.2.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-01-22T00:00:00Z",
    "advisory" : "RHSA-2020:0204",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.0",
    "package" : "kernel-0:4.18.0-80.15.1.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3844",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.60.2.rt56.655.el6rt"
  }, {
    "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3837",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "kernel-0:3.10.0-957.38.2.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-0154\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0154\nhttps://access.redhat.com/solutions/i915-graphics\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html" ],
  "name" : "CVE-2019-0154",
  "mitigation" : {
    "value" : "Preventing the i915 kernel module from loading will prevent attackers from exploiting this flaw against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required.",
    "lang" : "en:us"
  },
  "csaw" : false
}