Bugzilla – Bug 1215299
VUL-0: CVE-2020-36766: kernel-source,kernel-source-azure,kernel-source-rt: kernel memory leak in cec_adap_g_log_addrs()
Last modified: 2023-11-02 16:30:10 UTC
This is from upstream: commit 6c42227c3467549ddc65efe99c869021d2f4a570 Author: Hans Verkuil <hverkuil-cisco@xs4all.nl> Date: Fri Jun 26 12:44:26 2020 +0200 cec-api: prevent leaking memory through hole in structure Fix this smatch warning: drivers/media/cec/core/cec-api.c:156 cec_adap_g_log_addrs() warn: check that 'log_addrs' doesn't leak information (struct has a hole after 'features') Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> It is one (yes 1) byte and requires specific hardware, but the ioctl is unprivileged. This is a security issue.
Commit introducing the issue: https://github.com/torvalds/linux/commit/ca684386e6e21ba1511061f71577cdb6c3f2b3d3 Fixing commit: https://github.com/torvalds/linux/commit/6c42227c3467549ddc65efe99c869021d2f4a570 Tracking as affected: - SLE12-SP5 - cve/linux-4.12 - cve/linux-5.3 Not affected (contains both commits): - SLE15-SP4-AZURE - SLE15-SP4-RT - SLE15-SP4 - SLE15-SP5 - SLE15-SP5-AZURE - SLE15-SP5-RT - SLE15-SP6 - SLE15-SP6-AZURE - SLE15-SP6-RT - ALP-current - stable Not affected (does not contain introducing commit): - cve/linux-3.0 - cve/linux-4.4 Please let me know if you have any concerns, reassigning to kernel-bugs :)
I would rate it like this: score: 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N I will also request a cve, at itself it is probably not so severe, but maybe this could be used in conjunction with something else, so i think better safe to request one.
Takashi, this seems to be in your area.
As it's only for the old releases, let's wait for CVE assignment.
CVE-2020-36766 was assigned
The fix was submitted to cve/linux-5.3 and cve/linux-4.12 branches. SLE12-SP5 will receive the fix from cve/linux-4.12. Reassigned back to security team.
SUSE-SU-2023:4031-1: An update that solves 13 vulnerabilities, contains one feature and has 39 security fixes can now be installed. Category: security (important) Bug References: 1065729, 1109837, 1152446, 1154048, 1207168, 1208995, 1210169, 1212703, 1213016, 1214157, 1214380, 1214386, 1214586, 1214940, 1214943, 1214945, 1214946, 1214948, 1214949, 1214950, 1214952, 1214953, 1214961, 1214962, 1214964, 1214965, 1214966, 1214967, 1215115, 1215117, 1215121, 1215122, 1215136, 1215149, 1215152, 1215162, 1215164, 1215165, 1215207, 1215221, 1215275, 1215299, 1215467, 1215607, 1215634, 1215858, 1215860, 1215861, 1215877, 1215897, 1215898, 1215954 CVE References: CVE-2020-36766, CVE-2023-0394, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921 Jira References: PED-5021 Sources used: SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_49-1-8.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.179.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1 SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4030-1: An update that solves 13 vulnerabilities and has two security fixes can now be installed. Category: security (important) Bug References: 1207036, 1208995, 1210169, 1210643, 1212703, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299 CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-23454, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921 Sources used: SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_41-1-150200.5.3.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.166.1, kernel-source-5.3.18-150200.24.166.1, kernel-default-base-5.3.18-150200.24.166.1.150200.9.83.1, kernel-syms-5.3.18-150200.24.166.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4033-1: An update that solves 12 vulnerabilities and has 39 security fixes can now be installed. Category: security (important) Bug References: 1065729, 1109837, 1152446, 1154048, 1208995, 1210169, 1212703, 1213016, 1214157, 1214380, 1214386, 1214586, 1214940, 1214943, 1214945, 1214946, 1214948, 1214949, 1214950, 1214952, 1214953, 1214961, 1214962, 1214964, 1214965, 1214966, 1214967, 1215115, 1215117, 1215121, 1215122, 1215136, 1215149, 1215152, 1215162, 1215164, 1215165, 1215207, 1215221, 1215275, 1215299, 1215467, 1215607, 1215634, 1215858, 1215860, 1215861, 1215877, 1215897, 1215898, 1215954 CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921 Sources used: SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-syms-rt-4.12.14-10.144.1, kernel-source-rt-4.12.14-10.144.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4095-1: An update that solves 14 vulnerabilities and has eight security fixes can now be installed. Category: security (important) Bug References: 1176588, 1202845, 1207036, 1207270, 1208995, 1210169, 1210643, 1210658, 1212703, 1213812, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299, 1215322, 1215356 CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-23454, CVE-2023-4004, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921 Sources used: SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_37-1-150300.7.5.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Manager Proxy 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Manager Retail Branch Server 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Manager Server 4.2 (src): kernel-source-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.138.1, kernel-source-5.3.18-150300.59.138.1, kernel-obs-build-5.3.18-150300.59.138.1, kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.138.1.150300.18.80.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4142-1: An update that solves 13 vulnerabilities and has eight security fixes can now be installed. Category: security (important) Bug References: 1176588, 1202845, 1207270, 1208995, 1210169, 1210643, 1210658, 1212703, 1213812, 1214233, 1214351, 1214380, 1214386, 1215115, 1215117, 1215150, 1215221, 1215275, 1215299, 1215322, 1215356 CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-4004, CVE-2023-40283, CVE-2023-42753, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4347-1: An update that solves 17 vulnerabilities and has two security fixes can now be installed. Category: security (important) Bug References: 1208995, 1210169, 1210778, 1212703, 1214233, 1214380, 1214386, 1215115, 1215117, 1215221, 1215275, 1215299, 1215467, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051 CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-42754, CVE-2023-45862, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921 Sources used: SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_45-1-150100.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1 SUSE CaaS Platform 4.0 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.