{
  "threat_severity" : "Important",
  "public_date" : "2019-11-12T18:00:00Z",
  "bugzilla" : {
    "description" : "hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write",
    "id" : "1724398",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1724398"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-284",
  "details" : [ "Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.", "A flaw was found in the Intel graphics hardware (GPU), where commands issued to the GPU by a local attacker could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privileged MMIO operations that are not limited to the address space the blitter requires to function correctly." ],
  "statement" : "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/i915-graphics",
  "acknowledgement" : "Red Hat would like to thank Intel for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3878",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-754.24.3.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-14T00:00:00Z",
    "advisory" : "RHSA-2019:3887",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1062.4.3.rt56.1029.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3872",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1062.4.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3841",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "kernel-0:3.10.0-327.82.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Telco Extended Update Support",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3841",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.2",
    "package" : "kernel-0:3.10.0-327.82.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions",
    "release_date" : "2019-11-12T00:00:00Z",
    "advisory" : "RHSA-2019:3841",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.2",
    "package" : "kernel-0:3.10.0-327.82.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2019-11-14T00:00:00Z",
    "advisory" : "RHSA-2019:3883",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "kernel-0:3.10.0-514.70.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
    "release_date" : "2019-11-14T00:00:00Z",
    "advisory" : "RHSA-2019:3883",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.3",
    "package" : "kernel-0:3.10.0-514.70.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
    "release_date" : "2019-11-14T00:00:00Z",
    "advisory" : "RHSA-2019:3883",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.3",
    "package" : "kernel-0:3.10.0-514.70.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3877",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "kernel-0:3.10.0-693.60.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3877",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "kernel-0:3.10.0-693.60.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3877",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "kernel-0:3.10.0-693.60.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2019-11-14T00:00:00Z",
    "advisory" : "RHSA-2019:3889",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "kernel-0:3.10.0-862.43.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3873",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "kernel-0:3.10.0-957.38.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3870",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-147.0.3.rt24.95.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3871",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-147.0.3.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-01-22T00:00:00Z",
    "advisory" : "RHSA-2020:0204",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.0",
    "package" : "kernel-0:4.18.0-80.15.1.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2019-11-19T00:00:00Z",
    "advisory" : "RHSA-2019:3908",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.60.3.rt56.655.el6rt"
  }, {
    "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-11-13T00:00:00Z",
    "advisory" : "RHSA-2019:3873",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "kernel-0:3.10.0-957.38.3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-0155\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0155\nhttps://access.redhat.com/solutions/i915-graphics\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html" ],
  "csaw" : true,
  "name" : "CVE-2019-0155",
  "mitigation" : {
    "value" : "Preventing the i915 kernel module from loading will prevent attackers from exploiting this flaw on the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article ( https://access.redhat.com/solutions/41278 ) for instructions on how to disable a kernel module. Graphical displays may also run at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required.",
    "lang" : "en:us"
  }
}