Date: Wed, 25 Jun 2014 09:39:06 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Cc: Mateusz Guzik <mguzik@...hat.com> Subject: CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents() A kernel memory disclosure was introduced in aio_read_events_ring() in v3.10 by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes made to aio_read_events_ring() failed to correctly limit the index into ctx->ring_pages, allowing an attacker to cause the subsequent kmap() of an arbitrary page with a copy_to_user() to copy the contents into userspace. Upstream patches: https://lkml.org/lkml/2014/6/24/619 https://lkml.org/lkml/2014/6/24/623 This issue was discovered by Mateusz Guzik of Red Hat. -- Petr Matousek / Red Hat Product Security PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.