Bugzilla – Bug 1183400
VUL-0: CVE-2021-20261: kernel-source,kernel-source-azure,kernel-source-rt: panic on multiple access to floppy device
Last modified: 2022-06-09 08:35:38 UTC
rh#1932150

A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw.

From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a

"In case of multiple threads trying to open("/dev/fdX"), this leads to serious corruptions all over the place, because all of a sudden there is no critical section protection (that'd otherwise be guaranteed by lockedfd) whatsoever."

It is likely that this memory corruption will at minimum crash the system, at worst corrupt memory and lead to possible privilege escalation.

Fixed in: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1932150
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20261
http://seclists.org/oss-sec/2021/q1/204
https://access.redhat.com/security/cve/CVE-2021-20261
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a
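Added example (not part of the bug report or of the kernel fix): the report ties the impact to who can open the floppy device nodes, so this check classifies each /dev/fd* block device by which accounts other than root can open it. The function names and the world/owner/group/root-only categories are assumptions of this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Audit exposure of floppy device nodes (context: CVE-2021-20261).
# Categories are this example's own: world, owner:<uid>, group:<gid>, root-only.

# classify_mode MODE UID GID
# MODE is the octal string printed by `stat -c %a` (e.g. 660).
# Prints who, besides root, can open a node with these attributes.
classify_mode() {
    m=$((0$1)); uid=$2; gid=$3
    if [ $((m & 06)) -ne 0 ]; then
        echo "world"            # any local user has read or write access
    elif [ "$uid" -ne 0 ]; then
        echo "owner:$uid"       # a non-root owner can open (or chmod) it
    elif [ $(( (m >> 3) & 06 )) -ne 0 ] && [ "$gid" -ne 0 ]; then
        echo "group:$gid"       # members of a non-root group can open it
    else
        echo "root-only"
    fi
}

# audit_floppy_nodes [DIR]
# Lists every fdN* block device under DIR (default /dev) with its class.
# Returns 1 if any node can be opened by an account other than root.
audit_floppy_nodes() {
    dir=${1:-/dev}; rc=0
    for n in "$dir"/fd[0-9]*; do
        [ -b "$n" ] || continue          # skip non-devices and unmatched glob
        set -- $(stat -c '%a %u %g' "$n")
        who=$(classify_mode "$1" "$2" "$3")
        echo "$n mode=$1 uid=$2 gid=$3 -> $who"
        [ "$who" = "root-only" ] || rc=1
    done
    return $rc
}

audit_floppy_nodes /dev || echo "review: nodes above can be opened by non-root accounts"
```

A `group:<gid>` result means the membership of that group should be reviewed on kernels that do not yet carry the fix.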
This is a bit hard to judge, but I think all codestreams are affected. I could have made a mistake with the kernel configs though. Please correct me if this is wrong.
The fix is in the 4.5 kernel, and already backported to cve/linux-4.4. So at most the backport is needed to cve/linux-3.0 and older branches.
I backported to cve/linux-3.0 and cve/linux-3.12. cve/linux-2.6.32 and cve/linux-2.6.16 need a significant amount of modifications.
The fix was backported to both cve/linux-2.6.32 and cve/linux-2.6.16 branches, too. Reassigned back to security team.
SUSE-SU-2021:14724-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1056134,1180963,1182715,1182716,1182717,1183400,1183696,1184120,1184194,1184198,1184208,1184211,1184393
CVE References: CVE-2020-35519,CVE-2020-36322,CVE-2021-20261,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28950,CVE-2021-28972,CVE-2021-29650,CVE-2021-30002,CVE-2021-3483
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): kernel-bigmem-3.0.101-108.126.1, kernel-default-3.0.101-108.126.1, kernel-ec2-3.0.101-108.126.1, kernel-pae-3.0.101-108.126.1, kernel-ppc64-3.0.101-108.126.1, kernel-source-3.0.101-108.126.1, kernel-syms-3.0.101-108.126.1, kernel-trace-3.0.101-108.126.1, kernel-xen-3.0.101-108.126.1
SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.126.1, kernel-pae-3.0.101-108.126.1, kernel-ppc64-3.0.101-108.126.1, kernel-trace-3.0.101-108.126.1, kernel-xen-3.0.101-108.126.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.126.1, kernel-default-3.0.101-108.126.1, kernel-ec2-3.0.101-108.126.1, kernel-pae-3.0.101-108.126.1, kernel-ppc64-3.0.101-108.126.1, kernel-trace-3.0.101-108.126.1, kernel-xen-3.0.101-108.126.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.