Bug 1143038 - (CVE-2018-20854) VUL-1: CVE-2018-20854: kernel-source: out-of-bounds read on array ctrl->phys, once variable i reaches the maximum array size
(CVE-2018-20854)
VUL-1: CVE-2018-20854: kernel-source: out-of-bounds read on array ctrl->phys,...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/238066/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-26 13:12 UTC by Alexandros Toptsoglou
Modified: 2020-05-12 11:20 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2019-07-26 13:12:51 UTC
CVE-2018-20854

An issue was discovered in the Linux kernel before 4.20.
drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant
ctrl->phys out-of-bounds read.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20854
https://github.com/torvalds/linux/commit/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
Comment 1 Alexandros Toptsoglou 2019-07-26 13:15:38 UTC
Only versions above 4.20 are affected. The fix had already been pushed upstream last year
Comment 2 Takashi Iwai 2019-07-26 13:34:22 UTC
Right, it was only about TW, and it's done.  SLE15-SPx don't contain the driver.
Reassigned back to security team.
Comment 3 Alexandros Toptsoglou 2020-05-12 11:20:52 UTC
Done