[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2018-1118 linux kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_
From:       Wade Mealing <wmealing () redhat ! com>
Date:       2018-05-09 5:20:03
Message-ID: CALJHwhRC-+DmnUY-xvOx0uyynp7T2jfarnAcnJbxNqAFesefjw () mail ! gmail ! com
[Download RAW message or body]

Gday,

A flaw was found in the vhost_new_msg() function which does not
properly initialize memory in messages passed between virtual guests
and the host operating system. This can allow local privileged users
to read previously set kernel memory contents when reading from the
/dev/vhost-net device file.  This would be classified as an
information leak that could be used to defeat other protection
mechanisms.

As far as I can tell this information doesn't flow to guests, only to
the parent system which is hosting the virtual machines.



Upstream post:

https://lkml.org/lkml/2018/4/27/833

https://bugzilla.redhat.com/show_bug.cgi?id=1573699

Thanks
-- 
Wade Mealing

Product Security - Kernel, RHCE

Red Hat
[prev in list] [next in list] [prev in thread] [next in thread]