Date: Wed, 25 Jun 2014 09:39:06 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Mateusz Guzik <mguzik@...hat.com>
Subject: CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents()

A kernel memory disclosure was introduced in aio_read_events_ring() in
v3.10 by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes
made to aio_read_events_ring() failed to correctly limit the index into
ctx->ring_pages, allowing an attacker to cause the subsequent kmap() of
an arbitrary page with a copy_to_user() to copy the contents into
userspace.

Upstream patches:
https://lkml.org/lkml/2014/6/24/619
https://lkml.org/lkml/2014/6/24/623

This issue was discovered by Mateusz Guzik of Red Hat.

--
Petr Matousek / Red Hat Product Security
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA
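
The missing bound described in the advisory, as an added example that is not part of the original post or the kernel source: a userspace C model that assumes the page index is derived from a ring head value the untrusted side can write. The names ring_ctx, page_index_unbounded and read_events_bounded and all sizes are hypothetical.

```c
#include <stddef.h>

/* Userspace model with constructed sizes; this is not kernel code. */
#define EVENTS_PER_PAGE 4u
#define NR_PAGES        2u
#define NR_EVENTS       (EVENTS_PER_PAGE * NR_PAGES)

struct event { unsigned long data; };

struct ring_ctx {                 /* hypothetical stand-in for the AIO context */
    unsigned head, tail;          /* assumed writable by the untrusted side */
    struct event pages[NR_PAGES][EVENTS_PER_PAGE]; /* stand-in for ring_pages */
};

/* "Before": the page index is computed from head with no bound applied.
 * Returns the index that would be used; the model never dereferences it. */
size_t page_index_unbounded(const struct ring_ctx *c)
{
    return c->head / EVENTS_PER_PAGE;
}

/* "After": reduce head and tail into [0, NR_EVENTS) before any indexing,
 * then copy at most max events. Returns the number of events copied. */
size_t read_events_bounded(struct ring_ctx *c, struct event *out, size_t max)
{
    unsigned head = c->head % NR_EVENTS;
    unsigned tail = c->tail % NR_EVENTS;
    size_t copied = 0;

    while (head != tail && copied < max) {
        size_t page = head / EVENTS_PER_PAGE;  /* always < NR_PAGES here */
        size_t slot = head % EVENTS_PER_PAGE;
        out[copied++] = c->pages[page][slot];
        head = (head + 1) % NR_EVENTS;         /* wrap inside the ring */
    }
    c->head = head;                            /* publish consumed position */
    return copied;
}
```

With a constructed head of 1000 the unbounded variant yields page index 250 for a two-page array, while the bounded variant only ever touches pages 0 and 1.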