|
Message-ID: <CAG_fn=WuQgi2dWQesBdAzYEvRGWbLU97qdGMAjiyWkbCEX=bRQ@mail.gmail.com>
Date: Mon, 9 Oct 2017 11:12:08 +0200
From: Alexander Potapenko <glider@...gle.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-14991 in the Linux Kernel: local infoleak via an
SG_GET_REQUEST_TABLE ioctl call for /dev/sg0
Hello,
Kernel commit 109bade9c625c89bb5ea753aaa1a0a97e6fbb548 has introduced
an infoleak which manifests when the SG_GET_REQUEST_TABLE ioctl is
called for /dev/sg0 (see the attached repro).
The bug allows local users to obtain sensitive information from
uninitialized kernel heap-memory locations. Linux kernels before
4.13.4 are affected.
The bug has been found with syzkaller and KMSAN, upstream fix is here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
View attachment "sg_ioctl.c" of type "text/x-csrc" (1683 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.