CVE-2019-11810: kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS

Bug #1849206 reported by Bruce Jones on 2019-10-21
Assigned to: Robin Lu

Bug Description

status: fixed
cvss2Score: 7.8
Attack Vector: N
Access Complexity: L
Authentication: N
Availability Impact: C
Affected packages:
['kernel', 'kernel-tools', 'kernel-tools-libs', 'perf', 'python-perf']
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

Bruce Jones (brucej) on 2019-10-21
tags: added:
Bruce Jones (brucej) on 2019-10-21
Changed in starlingx:
importance: Undecided → High
tags: added: stx.3.0
Ghada Khalil (gkhalil) wrote :

This CVE meets the fix criteria for StarlingX. Therefore, it needs to be fixed in master for stx.3.0 and then cherry-picked to r/stx.2.0.

tags: added: stx.2.0
summary: - Fix CVE-2019-11810
+ CVE-2019-11810: kernel: a NULL pointer dereference in
+ drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
Ghada Khalil (gkhalil) on 2019-10-21
Changed in starlingx:
status: New → Triaged
Cindy Xie (xxie1) on 2019-10-22
Changed in starlingx:
assignee: nobody → Cindy Xie (xxie1)
Lin Shuicheng (shuicheng) wrote :

Here is the link from Redhat:

And the issue is fixed in the kernel srpm. The problem is that we cannot find an rt kernel of the same version.
The issue is also fixed in the rt kernel for RedHat 8 and RedHat 7.7, but only in the std kernel for RedHat 7.6.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6
The new std kernel with issue fixed:

But for the rt kernel, I could find only the version below (27 in rt vs. 35 in std):

The only way to keep std and rt kernel with the same version is to use kernel from CentOS 7.7.
std kernel:
rt kernel:

Any suggestion for this issue?

Lin Shuicheng (shuicheng) wrote :

Just found that "kernel-3.10.0-957.35.1.el7.src.rpm" is for RedHat only. CentOS 7.6 doesn't have it either.
So I prefer to fix this issue in CentOS 7.6 by cherry-picking the upstream patch to the current kernel srpm (kernel-3.10.0-957.21.3.el7.src.rpm).
Here is the patch link provided in CVE:

Here is the bug track for RedHat OS:

Lin Shuicheng (shuicheng) wrote :

The issue is fixed with below srpm from CentOS 7.7.
std kernel:
rt kernel:

To fix below kernel CVE, std/rt kernel will be upgraded to a higher version than this version.

So we will upgrade kernel srpm to below version, which will cover this issue.
std kernel: kernel-3.10.0-1062.1.2.el7.src.rpm
rt kernel: kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm

Lin Shuicheng (shuicheng) wrote :

Since the fix for bug #1847817 will also include the fix for this issue, mark it as duplicated.

Ghada Khalil (gkhalil) on 2019-11-22
information type: Private Security → Public Security
Changed in starlingx:
assignee: Cindy Xie (xxie1) → Robin Lu (robinlu)
Changed in starlingx:
status: Triaged → In Progress