oss-security - CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <20140625073906.GJ19028@dhcp-25-225.brq.redhat.com>
Date: Wed, 25 Jun 2014 09:39:06 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Mateusz Guzik <mguzik@...hat.com>
Subject: CVE-2014-0206 -- Linux kernel: kernel memory disclosure in
 io_getevents()

A kernel memory disclosure was introduced in aio_read_events_ring() in
v3.10 by commit a31ad380bed817aa25f8830ad23e1a0480fef797.  The changes
made to aio_read_events_ring() failed to correctly limit the index into
ctx->ring_pages[], allowing an attacker to cause the subsequent kmap()
of an arbitrary page with a copy_to_user() to copy the contents into
userspace.

Upstream patches:

  https://lkml.org/lkml/2014/6/24/619
  https://lkml.org/lkml/2014/6/24/623

This issue was discovered by Mateusz Guzik of Red Hat.

-- 
Petr Matousek / Red Hat Product Security
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.