Bugzilla – Bug 1152516
VUL-0: CVE-2019-16921: kernel-source: missing initialization of resp data structure in hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c
Last modified: 2020-06-25 08:03:25 UTC
CVE-2019-16921 In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. Already fixed in SLE and openSUSE: https://github.com/openSUSE/kernel/commit/72be029e947510dd6cbbbaf51879622af26e4200 The original SUSE bug is bsc#1104427. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16921 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16921.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16921 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df7e40425813c50cd252e6f5e348a81ef1acae56 https://github.com/torvalds/linux/commit/df7e40425813c50cd252e6f5e348a81ef1acae56
Closing as fixed.
Hi, Alexander, possible to open up the original issue? I'm trying to understand more the context on the CVE-2019-16921 assignment. Unless I miss something, the fixing commit is df7e40425813c50cd252e6f5e348a81ef1acae56 upstream which is in v4.17-rc1. Though it fixes an issue introduced by e088a685eae9 ("RDMA/hns: Support rq record doorbell for the user space") which is as well just in 4.17-rc1. Is the assignnement due to SUSE possibly having backported the later commit to SUSE provided kernels? Because e088a685eae9 as such did not land in any other stable versions. Regards, Salvatore