[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2018-1118 linux kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_
From: Wade Mealing <wmealing () redhat ! com>
Date: 2018-05-09 5:20:03
Message-ID: CALJHwhRC-+DmnUY-xvOx0uyynp7T2jfarnAcnJbxNqAFesefjw () mail ! gmail ! com
[Download RAW message or body]
Gday,
A flaw was found in the vhost_new_msg() function which does not
properly initialize memory in messages passed between virtual guests
and the host operating system. This can allow local privileged users
to read previously set kernel memory contents when reading from the
/dev/vhost-net device file. This would be classified as an
information leak that could be used to defeat other protection
mechanisms.
As far as I can tell this information doesn't flow to guests, only to
the parent system which is hosting the virtual machines.
Upstream post:
https://lkml.org/lkml/2018/4/27/833
https://bugzilla.redhat.com/show_bug.cgi?id=1573699
Thanks
--
Wade Mealing
Product Security - Kernel, RHCE
Red Hat
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic