Bug 1181720 (CVE-2020-12362)

Summary:	VUL-0: CVE-2020-12362: kernel-source: intel graphics security issues Feb 2021
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Marcus Meissner <meissner>
Component:	Incidents	Assignee:	Marc Ruehrschneck <marc.ruehrschneck>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	atoptsoglou, bpetkov, marc.ruehrschneck, patrik.jakobsson, rfrohl, security-team, tiwai, tzimmermann
Version:	unspecified	Flags:	tiwai: needinfo? (marc.ruehrschneck)
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/277032/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-12362:7.5:(AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:	1181735, 1181736, 1181738
Bug Blocks:	1182033

Description Marcus Meissner 2021-02-03 07:28:29 UTC

embargoed via intel

CRD: 2021-02-09

INTEL-TA-00438

contains a number of Intel graphics adapter issues (see PDF).

Only 2 affect Linux.

CVEID: CVE-2020-12362
Description: Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows *
before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged
user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H


CVEID: CVE-2020-12363
Description: Improper input validation in some Intel(R) Graphics Drivers for Windows* before
version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to
potentially enable a denial of service via local access.
CVSS Base Score: 1.9 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2020-12364
Description: Null pointer reference in some Intel(R) Graphics Drivers for Windows* before
version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged
user to potentially enable a denial of service via local access.
CVSS Base Score: 1.9 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L


CVEID: CVE-2020-12373
Description: Expired pointer dereference in some Intel(R) Graphics Drivers before version
26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local
access.
CVSS Base Score: 1.9 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Affected Products:
Intel® Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th Generation Intel® Processors for
Windows* 7, 8.1 and 10 before versions 15.33.51.5146, 15.36.39.5145, 15.40.46.5144,
15.45.32.5164, 26.20.100.8141, 27.20.100.8587 and Intel® Graphics Drivers for Linux before
Linux kernel version 5.5.

Comment 8 Marcus Meissner 2021-02-10 07:56:33 UTC

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html

Comment 9 Takashi Iwai 2021-02-10 08:04:31 UTC

Can't we get a bit more details?  Marc?

Comment 10 Marc Ruehrschneck 2021-02-10 08:34:52 UTC

Marcus has been in contact with Pragyan on this. Not me.

Comment 11 Marcus Meissner 2021-02-10 09:55:25 UTC

(This bug only tracks the first CVE.)

I have not seen patches from Intel yet.

Comment 13 Marcus Meissner 2021-02-16 16:47:40 UTC

According to Intel this commit is the fix for all 4 issues:

commit c784e5249e773689e38d2bc1749f08b986621a26
Author: John Harrison <John.C.Harrison@Intel.com>
Date:   Wed Oct 28 07:58:24 2020 -0700

    drm/i915/guc: Update to use firmware v49.0.1

Comment 14 Takashi Iwai 2021-02-16 21:13:48 UTC

Hmm, it's a pretty new commit (in 5.11), and it's likely not cleanly applicable to older kernels at all.  Adding Patrik and Thomas to Cc.

And, the commit implies that the mitigation requires the i915 firmware update to the very latest version (commit c487f7dadcd21116613441ed355b764003b3f57b in linux-firmware tree).  This is already included in the latest package for TW and SLE15-SP3, but not for other SLE releases.

In anyway, we need yet more details from Intel: which kernels and which chips are affected?

Comment 15 Takashi Iwai 2021-02-17 13:04:11 UTC

I pushed the fix to SLE15-SP3 kernel.  For the rest older releases, we need information.

Comment 26 OBSbugzilla Bot 2021-03-03 01:43:36 UTC

This is an autogenerated message for OBS integration:
This bug (1181720) was mentioned in
https://build.opensuse.org/request/show/876318 15.2 / kernel-source

Comment 29 Swamp Workflow Management 2021-03-03 20:25:37 UTC

SUSE-SU-2021:0694-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1181720,1181735,1181736,1181738
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-firmware-20200107-3.18.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-firmware-20200107-3.18.1
SUSE Manager Proxy 4.0 (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-firmware-20200107-3.18.1
SUSE Enterprise Storage 6 (src):    kernel-firmware-20200107-3.18.1
SUSE CaaS Platform 4.0 (src):    kernel-firmware-20200107-3.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2021-03-08 11:25:22 UTC

openSUSE-SU-2021:0393-1: An update that solves 9 vulnerabilities and has 115 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182697,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.66.2, kernel-default-5.3.18-lp152.66.2, kernel-default-base-5.3.18-lp152.66.2.lp152.8.23.2, kernel-docs-5.3.18-lp152.66.2, kernel-kvmsmall-5.3.18-lp152.66.2, kernel-obs-build-5.3.18-lp152.66.2, kernel-obs-qa-5.3.18-lp152.66.2, kernel-preempt-5.3.18-lp152.66.2, kernel-source-5.3.18-lp152.66.2, kernel-syms-5.3.18-lp152.66.2

Comment 33 Swamp Workflow Management 2021-03-09 20:24:00 UTC

SUSE-SU-2021:0738-1: An update that solves 9 vulnerabilities and has 114 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.38.1, kernel-source-azure-5.3.18-18.38.1, kernel-syms-azure-5.3.18-18.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 34 Swamp Workflow Management 2021-03-09 20:52:47 UTC

SUSE-SU-2021:0735-1: An update that solves 9 vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180989,1181133,1181259,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856,1183022
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-28.1, kernel-rt_debug-5.3.18-28.1, kernel-source-rt-5.3.18-28.1, kernel-syms-rt-5.3.18-28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 35 Swamp Workflow Management 2021-03-09 21:09:47 UTC

SUSE-SU-2021:0741-1: An update that solves 9 vulnerabilities and has 117 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182110,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182341,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182507,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.52.1, kernel-default-base-5.3.18-24.52.1.9.24.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-preempt-5.3.18-24.52.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-livepatch-SLE15-SP2_Update_11-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.52.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.52.1, kernel-obs-build-5.3.18-24.52.1, kernel-preempt-5.3.18-24.52.1, kernel-source-5.3.18-24.52.1, kernel-syms-5.3.18-24.52.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-default-base-5.3.18-24.52.1.9.24.1, kernel-preempt-5.3.18-24.52.1, kernel-source-5.3.18-24.52.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 47 Robert Frohl 2022-04-13 11:36:29 UTC

done