'[oss-security] Linux kernel < 4.14.111 drivers/net/wan/lmc/lmc_main.c kernel address dumps to user s'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Linux kernel < 4.14.111 drivers/net/wan/lmc/lmc_main.c kernel address dumps to user s
From:       Fuqian Huang <huangfq.daxian () gmail ! com>
Date:       2019-04-18 13:33:59
Message-ID: CABXRUiRB0POW+i-Q5NAjbkBjStUZ9YVehk=dOsM-p7symuUgdQ () mail ! gmail ! com
[Download RAW message or body]

In drivers/net/wan/lmc/lmc_main.c:510,
lmc_ioctl will dump the address of data to dmesg when xc.command is
lmc_xilinx_load, which allows local user to read the kernel address.

int lmc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) /*fold00*/
{
    ...
    case lmc_xilinx_load: /*fold02*/
        ...
            printk("%s: Starting load of data Len: %d at 0x%p ==
0x%p\n", dev->name, xc.len, xc.data, data);
}
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic