{ "threat_severity" : "Important", "public_date" : "2020-05-05T00:00:00Z", "bugzilla" : { "description" : "kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body", "id" : "1832866", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1832866" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.", "A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. This flaw allows a local user able to groom system memory to cause kernel memory corruption and possible privilege escalation by abusing a race condition in the IO scheduler." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-06-09T00:00:00Z", "advisory" : "RHSA-2020:2428", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-193.6.3.rt13.59.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-06-09T00:00:00Z", "advisory" : "RHSA-2020:2427", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-193.6.3.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-06-15T00:00:00Z", "advisory" : "RHSA-2020:2567", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date" : "2020-06-09T00:00:00Z", "advisory" : "RHSA-2020:2429", "cpe" : "cpe:/o:redhat:rhel_e4s:8.0", "package" : "kernel-0:4.18.0-80.23.2.el8_0" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2020-06-23T00:00:00Z", "advisory" : "RHSA-2020:2667", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "kernel-0:4.18.0-147.20.1.el8_1" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2020-06-23T00:00:00Z", "advisory" : "RHSA-2020:2669", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "kpatch-patch" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-alt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-12657\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12657" ], "name" : "CVE-2020-12657", "mitigation" : { "value" : "The default io scheduler for Red Hat Enterprise Linux 8 is the mq-deadline scheduler, however it can be \nconfigured to any of the available schedulers available on the system on a per-device basis.\nThe schedulers in use can be verified by the block devices entry in sysfs, for example for \"sda\":\n# cat /sys/block/sda/queue/scheduler \n[mq-deadline] kyber bfq none\nAll block devices in the system will need to be changed to be mitigated. If the system workload requires\nbfq, this may not be an acceptable workaround however some systems may find changing io schedulers to be an\nacceptable workaround until system updates can be applied.\nSee https://access.redhat.com/solutions/3756041 for how to configure the io scheduler persistently across\nsystem reboots or contact Red Hat Global Support Services.", "lang" : "en:us" }, "csaw" : false }