Allele Security Alert
ASA-2019-00029
Identifier(s)
ASA-2019-00029, CVE-2018-20669
Title
Missing access_ok() checks in IOCTL function i915_gem_execbuffer2_ioctl()
Vendor(s)
Linux foundation
Product(s)
Linux
Affected version(s)
Linux kernel before v5.0-rc1
Fixed version(s)
Linux kernel v5.0-rc1 and later
Proof of concept
Unknown
Description
Due to a lack of access_ok() checks in i915_gem_execbuffer2_ioctl(), it is possible to achieve escalation of privilege.
Technical details
Unknown
Credits
Unknown
Reference(s)
Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)
https://seclists.org/oss-sec/2019/q1/88
make ‘user_access_begin()’ do ‘access_ok()’
https://github.com/torvalds/linux/commit/594cc251fdd0d231d342d88b2fdff4bc42fb0690
CVE-2018-20669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20669
CVE-2018-20669
https://nvd.nist.gov/vuln/detail/CVE-2018-20669
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 31, 2019