Bug 1735630 (CVE-2019-13648)

Summary: CVE-2019-13648 kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call
Product: [Other] Security Response
Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hannsj_uhl, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, plougher, rt-maint, rvrbovsk, steved, williams, wmealing
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found on the PowerPC platform, where the kernel will panic if transactional memory is disabled. An attacker could use this flaw to panic the system by constructing a signal context with the transactional memory MSR bits set.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-07-21 19:27:41 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1735631, 1802829, 1802830, 1802832, 1802833, 1837073
Bug Blocks: 1732753, 1732823

Description Dhananjay Arunesh 2019-08-01 07:43:28 UTC
A vulnerability was found on the powerpc platform: when hardware transactional memory is disabled, a local user can cause a denial of service (Transaction Memory exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.

Reference:
https://patchwork.ozlabs.org/patch/1133904/
https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/powerpc/signal/sigfuz.c?h=v5.2

Comment 1 Dhananjay Arunesh 2019-08-01 07:43:55 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1735631]

Comment 5 Wade Mealing 2020-02-14 01:10:11 UTC
Red Hat Enterprise Linux 7 kernels before kernel-3.10.0-1065.el7 were affected by this flaw.

Comment 9 errata-xmlrpc 2020-03-31 19:11:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1016 https://access.redhat.com/errata/RHSA-2020:1016

Comment 12 errata-xmlrpc 2020-07-21 13:41:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:3019 https://access.redhat.com/errata/RHSA-2020:3019

Comment 13 Product Security DevOps Team 2020-07-21 19:27:41 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-13648