Date: Wed, 9 May 2018 15:20:03 +1000 From: Wade Mealing <wmealing@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2018-1118 linux kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() Gday, A flaw was found in the vhost_new_msg() function which does not properly initialize memory in messages passed between virtual guests and the host operating system. This can allow local privileged users to read previously set kernel memory contents when reading from the /dev/vhost-net device file. This would be classified as an information leak that could be used to defeat other protection mechanisms. As far as I can tell this information doesn't flow to guests, only to the parent system which is hosting the virtual machines. Upstream post: https://lkml.org/lkml/2018/4/27/833 https://bugzilla.redhat.com/show_bug.cgi?id=1573699 Thanks -- Wade Mealing Product Security - Kernel, RHCE Red Hat
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ