1156043 – (CVE-2019-18786) VUL-1: CVE-2019-18786: kernel-source: Memory disclosure problem in drivers/media/platform/rcar_drif.c

Bug 1156043 (CVE-2019-18786) - VUL-1: CVE-2019-18786: kernel-source: Memory disclosure problem in drivers/media/platform/rcar_drif.c

Summary: VUL-1: CVE-2019-18786: kernel-source: Memory disclosure problem in drivers/me...

Status:	RESOLVED FIXED

Alias:	CVE-2019-18786

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/246556/
Whiteboard:	CVSSv2:NVD:CVE-2019-18786:2.1:(AV:L/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2019-11-06 13:05 UTC by Wolfgang Frisch
Modified:	2024-06-25 14:04 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
upstream patch (511 bytes, patch) 2019-11-06 13:08 UTC, Wolfgang Frisch	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Frisch 2019-11-06 13:05:10 UTC

CVE-2019-18786

In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in
rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause
a memory disclosure problem.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18786
https://patchwork.linuxtv.org/patch/59542/

Comment 1 Wolfgang Frisch 2019-11-06 13:08:34 UTC

Created attachment 823501 [details]
upstream patch

Comment 2 Wolfgang Frisch 2019-11-06 13:38:39 UTC

None of our released kernels contain this driver.

It is however included in the upcoming SLE-15-SP2 kernel.

Comment 3 Takashi Iwai 2019-11-06 14:00:50 UTC

We have no released kernel that supports this driver, AFAIK.
The code is there but it's not enabled.

I'm going to take the fix once when merged to upstream, but basically we are unaffected.

Comment 4 Takashi Iwai 2019-11-11 11:56:20 UTC

The fix commit in subsystem tree:
d39083234c60519724c6ed59509a2129fd2aed41
    media: rcar_drif: fix a memory disclosure

Still waiting for merge into Linus tree, as this is a very minor issue.

Comment 5 Takashi Iwai 2019-11-27 06:44:47 UTC

Backported to SLE15-SP2 branch.

Reassigned back to security team.

Comment 6 Alexandros Toptsoglou 2020-04-29 13:40:31 UTC

Closing