List:       oss-security
Subject:    [oss-security] Information Leak in mincore() in the Linux Kernel CVE-2017-16994
From:       Marcus Meissner <meissner () suse ! de>
Date:       2017-11-27 20:19:20
Message-ID: 20171127201920.GZ21404 () suse ! de

Hi,

Mitre has allocated CVE-2017-16994 for this bug found by Google P0 team member jannh.

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles
holes in hugetlb ranges, which allows local users to obtain sensitive information from
uninitialized kernel memory via crafted use of the mincore() system call.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16994
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c
https://bugs.chromium.org/p/project-zero/issues/detail?id=1431

Ciao, Marcus

