Bug 1157813 (CVE-2019-19252) - VUL-1: CVE-2019-19252: kernel-source: vcs_write in drivers/tty/vt/vc_screen.c does not prevent write access to vcsu devices
Summary: VUL-1: CVE-2019-19252: kernel-source: vcs_write in drivers/tty/vt/vc_screen.c...
Status: RESOLVED FIXED
Alias: CVE-2019-19252
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/247920/
Whiteboard: CVSSv3.1:NVD:CVE-2019-19252:7.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-26 16:52 UTC by Wolfgang Frisch
Modified: 2024-06-25 14:08 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-11-26 16:52:02 UTC 
CVE-2019-19252

vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does
not prevent write access to vcsu devices.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19252
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19252.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19252
https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/
Comment 2 Jiri Slaby 2019-11-28 07:22:56 UTC 
In -next as:
commit 0c9acb1af77a3cb8707e43f45b72c95266903cee
Author: Nicolas Pitre <nico@fluxnic.net>
Date:   Tue Nov 5 10:33:16 2019 +0100

    vcs: prevent write access to vcsu devices
Comment 3 Jiri Slaby 2020-01-03 10:41:05 UTC 
The fix is in 5.5-rc1.

The bug was introduced by:
commit d21b0be246bf3bbf569e6e239f56abb529c7154e
Author: Nicolas Pitre <nico@fluxnic.net>
Date:   Tue Jun 26 23:56:41 2018 -0400

    vt: introduce unicode mode for /dev/vcs

in 4.19.

So affected is only SLE15-SP2 and stable. master is on 5.5 already. And both SLE15-SP2 and stable received the fix via stable, so I only updated the tags.
Comment 4 Marcus Meissner 2020-07-10 13:03:48 UTC 
fixed