[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Linux kernel < 4.14.111 drivers/net/wan/lmc/lmc_main.c kernel address dumps to user s
From: Fuqian Huang <huangfq.daxian () gmail ! com>
Date: 2019-04-18 13:33:59
Message-ID: CABXRUiRB0POW+i-Q5NAjbkBjStUZ9YVehk=dOsM-p7symuUgdQ () mail ! gmail ! com
[Download RAW message or body]
In drivers/net/wan/lmc/lmc_main.c:510,
lmc_ioctl will dump the address of data to dmesg when xc.command is
lmc_xilinx_load, which allows local user to read the kernel address.
int lmc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) /*fold00*/
{
...
case lmc_xilinx_load: /*fold02*/
...
printk("%s: Starting load of data Len: %d at 0x%p ==
0x%p\n", dev->name, xc.len, xc.data, data);
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic