Bugzilla – Bug 1152516
VUL-0: CVE-2019-16921: kernel-source: missing initialization of resp data structure in hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c
Last modified: 2020-06-25 08:03:25 UTC
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in
drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data
structure, which might allow attackers to obtain sensitive information from
kernel stack memory, aka CID-df7e40425813.
Already fixed in SLE and openSUSE:
The original SUSE bug is bsc#1104427.
Closing as fixed.
Alexander, would it be possible to open up the original issue? I'm trying to understand more of the context of the CVE-2019-16921 assignment.
Unless I'm missing something, the fixing commit is df7e40425813c50cd252e6f5e348a81ef1acae56 upstream, which is in v4.17-rc1. However, it fixes an issue introduced by e088a685eae9 ("RDMA/hns: Support rq record doorbell for the user space"), which is also only in 4.17-rc1.
Is the assignment due to SUSE possibly having backported the later commit to SUSE-provided kernels? Because e088a685eae9 as such did not land in any other stable versions.
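The bug class named in the CVE description above (a response structure copied out without being initialized), as an added user-space model that is not code from the kernel, the fix commit, or this bug report. The struct layout, the field names, the 0xA5 marker, and the value 0x100 are assumptions constructed for the example; zeroing the object first is shown as the general mitigation for this class.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for leftover stack data */

/* Hypothetical response layout: one field the handler sets, one it never touches. */
struct demo_resp {
    uint32_t tab_size;
    uint32_t reserved;
};

/* Unfixed pattern: the object sits in a dirty stack slot, only tab_size is written. */
static void fill_resp_unfixed(unsigned char *slot, uint32_t tab_size)
{
    memcpy(slot + offsetof(struct demo_resp, tab_size), &tab_size, sizeof(tab_size));
}

/* Hardened pattern: zero the whole object before assigning any field. */
static void fill_resp_fixed(unsigned char *slot, uint32_t tab_size)
{
    memset(slot, 0, sizeof(struct demo_resp));
    memcpy(slot + offsetof(struct demo_resp, tab_size), &tab_size, sizeof(tab_size));
}

/* Models the copy to user space; returns how many stale bytes cross the boundary. */
size_t leaked_bytes(int fixed)
{
    unsigned char slot[sizeof(struct demo_resp)];
    unsigned char user[sizeof(struct demo_resp)];
    size_t i, n = 0;

    memset(slot, STALE, sizeof(slot)); /* an earlier call left data on the stack */
    if (fixed)
        fill_resp_fixed(slot, 0x100);
    else
        fill_resp_unfixed(slot, 0x100);
    memcpy(user, slot, sizeof(user)); /* the whole struct is copied out */
    for (i = 0; i < sizeof(user); i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("unfixed: %zu stale bytes, fixed: %zu stale bytes\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```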