Bug 1192886 - (CVE-2021-0200) VUL-1: CVE-2021-0200: kernel-firmware: out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers
(CVE-2021-0200)
VUL-1: CVE-2021-0200: kernel-firmware: out-of-bounds write in the firmware fo...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Takashi Iwai
Security Team bot
https://smash.suse.de/issue/315206/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-11-19 13:54 UTC by Thomas Leroy
Modified: 2021-12-09 10:23 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2021-11-19 13:54:54 UTC
CVE-2021-0200

Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers
before version 8.2 may allow a privileged user to potentially enable an
escalation of privilege via local access.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0200
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00554.html
Comment 1 Thomas Leroy 2021-11-19 13:55:24 UTC
Still not clear for me if we are affected or not.
Comment 2 Takashi Iwai 2021-12-01 07:54:41 UTC
Please update if we have more concrete information.
Comment 3 Thomas Leroy 2021-12-01 13:54:29 UTC
This is some kind of tricky case. The issue seems to be related to a specific controller firmware, to which I can't find sign in kernel-firmware. It does not seem to be related to ethernet drivers that we could find in kernel-source. 
For the moment, from what I found, I think we are not affected, but I am not 100% sure.
Comment 4 Thomas Leroy 2021-12-07 14:34:39 UTC
I can find some references to X710, XL710 and XXV710 intel drivers in kernel sources (intel i40 drivers), which I assume are related to the Intel(R) Ethernet 700 Series Controllers.
Takashi, can you please confirm that the drivers containing *710 references are related to these 700 Series Controllers? If this is the case, I will assign this bug to kernel-source, and conduct investigations like a standard kernel issue.
Comment 5 Takashi Iwai 2021-12-08 14:41:26 UTC
(In reply to Thomas Leroy from comment #4)
> I can find some references to X710, XL710 and XXV710 intel drivers in kernel
> sources (intel i40 drivers), which I assume are related to the Intel(R)
> Ethernet 700 Series Controllers.
> Takashi, can you please confirm that the drivers containing *710 references
> are related to these 700 Series Controllers?

I can only guess that i40e corresponds to the described devices.  But the description is way too vague, and I don't find any corresponding version.

> If this is the case, I will
> assign this bug to kernel-source, and conduct investigations like a standard
> kernel issue.

But isn't the bug about the firmware, no?  How it can be a standard kernel issue?
Comment 6 Takashi Iwai 2021-12-08 14:43:25 UTC
Of course, if there is a known workaround for the buggy firmware in the upstream driver code, we may backport it.  Too little information, so far...
Comment 7 Thomas Leroy 2021-12-09 10:23:35 UTC
(In reply to Takashi Iwai from comment #5)
> But isn't the bug about the firmware, no?  How it can be a standard kernel

You're absolutely right. I just wanted to check if we could find some useful information in the kernel drivers. 

(In reply to Takashi Iwai from comment #6)
> Of course, if there is a known workaround for the buggy firmware in the
> upstream driver code, we may backport it.  Too little information, so far...

I double checked the history of the drivers sources mentioning *710 firmware, but nothing related to a recent security fix appeared.

Due to the few information we have, and the absence of firmware related to Intel(R) 700 Series Controllers in our kernel-firmware package, I close this bug because we are not affected. Thank you very much Takashi for your help.