Bug 1181738 – VUL-1: CVE-2020-12373: kernel-source: Expired pointer dereference may lead to DOS

Bug 1181738 - (CVE-2020-12373) VUL-1: CVE-2020-12373: kernel-source: Expired pointer dereference may lead to DOS

(CVE-2020-12373)
Summary:	VUL-1: CVE-2020-12373: kernel-source: Expired pointer dereference may lead to...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Kernel Bugs
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/277029/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-12373:1.9:(AV:...
Keywords:

Depends on:
Blocks:	CVE-2020-12362
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-02-03 11:23 UTC by Alexandros Toptsoglou
Modified:	2023-01-18 16:40 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2021-02-03 11:23:14 UTC

+++ This bug was initially created as a clone of Bug #1181720 +++

embargoed via intel

CRD: 2021-02-09

INTEL-TA-00438

contains a number of Intel graphics adapter issues (see PDF).

CVEID: CVE-2020-12373
Description: Expired pointer dereference in some Intel(R) Graphics Drivers before version
26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local
access.
CVSS Base Score: 1.9 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Affected Products:
Intel® Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th Generation Intel® Processors for
Windows* 7, 8.1 and 10 before versions 15.33.51.5146, 15.36.39.5145, 15.40.46.5144,
15.45.32.5164, 26.20.100.8141, 27.20.100.8587 and Intel® Graphics Drivers for Linux before
Linux kernel version 5.5.

Comment 1 Marcus Meissner 2021-02-10 07:57:46 UTC

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html

Comment 9 OBSbugzilla Bot 2021-03-03 01:43:50 UTC

This is an autogenerated message for OBS integration:
This bug (1181738) was mentioned in
https://build.opensuse.org/request/show/876318 15.2 / kernel-source

Comment 12 Swamp Workflow Management 2021-03-03 20:25:57 UTC

SUSE-SU-2021:0694-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1181720,1181735,1181736,1181738
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    kernel-firmware-20200107-3.18.1
SUSE Manager Retail Branch Server 4.0 (src):    kernel-firmware-20200107-3.18.1
SUSE Manager Proxy 4.0 (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-firmware-20200107-3.18.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-firmware-20200107-3.18.1
SUSE Enterprise Storage 6 (src):    kernel-firmware-20200107-3.18.1
SUSE CaaS Platform 4.0 (src):    kernel-firmware-20200107-3.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2021-03-08 11:25:44 UTC

openSUSE-SU-2021:0393-1: An update that solves 9 vulnerabilities and has 115 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182697,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.66.2, kernel-default-5.3.18-lp152.66.2, kernel-default-base-5.3.18-lp152.66.2.lp152.8.23.2, kernel-docs-5.3.18-lp152.66.2, kernel-kvmsmall-5.3.18-lp152.66.2, kernel-obs-build-5.3.18-lp152.66.2, kernel-obs-qa-5.3.18-lp152.66.2, kernel-preempt-5.3.18-lp152.66.2, kernel-source-5.3.18-lp152.66.2, kernel-syms-5.3.18-lp152.66.2

Comment 15 Swamp Workflow Management 2021-03-09 20:24:18 UTC

SUSE-SU-2021:0738-1: An update that solves 9 vulnerabilities and has 114 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.38.1, kernel-source-azure-5.3.18-18.38.1, kernel-syms-azure-5.3.18-18.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2021-03-09 20:53:06 UTC

SUSE-SU-2021:0735-1: An update that solves 9 vulnerabilities and has 112 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180989,1181133,1181259,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856,1183022
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-28.1, kernel-rt_debug-5.3.18-28.1, kernel-source-rt-5.3.18-28.1, kernel-syms-rt-5.3.18-28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2021-03-09 21:10:08 UTC

SUSE-SU-2021:0741-1: An update that solves 9 vulnerabilities and has 117 fixes is now available.

Category: security (important)
Bug References: 1065600,1065729,1078720,1081134,1084610,1132477,1151927,1152472,1152489,1154353,1155518,1156395,1163776,1169514,1170442,1176248,1176855,1177109,1177326,1177440,1177529,1178142,1178995,1179082,1179137,1179243,1179428,1179660,1179929,1180058,1180846,1180964,1180989,1181133,1181259,1181544,1181574,1181637,1181655,1181671,1181674,1181710,1181720,1181735,1181736,1181738,1181747,1181753,1181818,1181843,1181854,1181896,1181958,1181960,1181985,1182047,1182110,1182118,1182128,1182140,1182171,1182175,1182259,1182265,1182266,1182267,1182268,1182271,1182272,1182273,1182275,1182276,1182278,1182283,1182341,1182374,1182380,1182381,1182406,1182430,1182439,1182441,1182442,1182443,1182444,1182445,1182446,1182447,1182449,1182454,1182455,1182456,1182457,1182458,1182459,1182460,1182461,1182462,1182463,1182464,1182465,1182466,1182485,1182489,1182490,1182507,1182547,1182558,1182560,1182561,1182571,1182599,1182602,1182626,1182650,1182672,1182676,1182683,1182684,1182686,1182770,1182798,1182800,1182801,1182854,1182856
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    kernel-default-5.3.18-24.52.1, kernel-default-base-5.3.18-24.52.1.9.24.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-preempt-5.3.18-24.52.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-livepatch-SLE15-SP2_Update_11-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.52.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.52.1, kernel-obs-build-5.3.18-24.52.1, kernel-preempt-5.3.18-24.52.1, kernel-source-5.3.18-24.52.1, kernel-syms-5.3.18-24.52.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.52.1, kernel-default-base-5.3.18-24.52.1.9.24.1, kernel-preempt-5.3.18-24.52.1, kernel-source-5.3.18-24.52.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2021-03-14 17:25:48 UTC

openSUSE-SU-2021:0407-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1181720,1181735,1181736,1181738
CVE References: CVE-2020-12362,CVE-2020-12363,CVE-2020-12364,CVE-2020-12373
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-firmware-20200107-lp152.2.6.1

Comment 22 Robert Frohl 2022-04-13 11:32:11 UTC

done