
List:       oss-security
Subject:    [oss-security] CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents()
From:       Petr Matousek <pmatouse () redhat ! com>
Date:       2014-06-25 7:39:06
Message-ID: 20140625073906.GJ19028 () dhcp-25-225 ! brq ! redhat ! com

A kernel memory disclosure was introduced in aio_read_events_ring() in
v3.10 by commit a31ad380bed817aa25f8830ad23e1a0480fef797.  The changes
made to aio_read_events_ring() failed to correctly limit the index into
ctx->ring_pages[], allowing an attacker to cause the subsequent kmap()
of an arbitrary page with a copy_to_user() to copy the contents into
userspace.

Upstream patches:

  https://lkml.org/lkml/2014/6/24/619
  https://lkml.org/lkml/2014/6/24/623

This issue was discovered by Mateusz Guzik of Red Hat.

-- 
Petr Matousek / Red Hat Product Security
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA
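
The missing index limit described in the advisory, shown as an added user-space model (not the kernel source and not code from the original message). It assumes the page index is derived from a ring head value the process can influence; the struct, function names and sizes are hypothetical, and the modulo clamp is one way to bound the index.

```c
#include <stdio.h>

/* Constructed sizes for the model; the real ring geometry differs. */
#define EVENTS_PER_PAGE 4u
#define NR_PAGES        2u
#define NR_EVENTS       (EVENTS_PER_PAGE * NR_PAGES)

/* Hypothetical stand-in for the ring state used to pick a page. */
struct ring_model {
    unsigned head;       /* assumption: value the process can influence */
    unsigned nr_events;  /* number of event slots in the ring */
    unsigned nr_pages;   /* number of entries in ring_pages[] */
};

/* Unchecked: the page index follows head wherever it points. */
static unsigned page_index_unchecked(const struct ring_model *r)
{
    return r->head / EVENTS_PER_PAGE;
}

/* Bounded: reduce head into [0, nr_events) before deriving the index. */
static unsigned page_index_checked(const struct ring_model *r)
{
    unsigned head = r->head % r->nr_events;
    return head / EVENTS_PER_PAGE;
}

/* 1 if idx is a valid index into an array of nr_pages entries. */
static int index_in_bounds(const struct ring_model *r, unsigned idx)
{
    return idx < r->nr_pages;
}

int main(void)
{
    /* Constructed input: head far beyond the ring size. */
    struct ring_model r = { 1000u, NR_EVENTS, NR_PAGES };
    unsigned bad = page_index_unchecked(&r);
    unsigned ok = page_index_checked(&r);

    printf("unchecked index %u in bounds: %d\n", bad, index_in_bounds(&r, bad));
    printf("checked index   %u in bounds: %d\n", ok, index_in_bounds(&r, ok));
    return 0;
}
```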