Open Source and information security mailing list archives
 
Message-ID: <CABXRUiRP8fHvGkO3T9AOFV=prVUACiCm2frbAEnG2v6UhrTw0A@mail.gmail.com>
Date:   Tue, 22 Jan 2019 21:25:33 +0800
From:   Fuqian Huang <huangfq.daxian@...il.com>
To:     linux-kernel@...r.kernel.org, dmaengine@...r.kernel.org,
        linux-soc@...r.kernel.org, linux-arm-msm@...r.kernel.org
Subject: Potential info leak: Kernel pointer leak?

Hi, recently I came across some code and it seems to be able to leak
a kernel address?
Does the following code cause an info leak in the Linux kernel?
The callback function address is printed to debugfs.
The local user could know the kernel object address, and is able to
bypass kASLR.
linux-4.14.90
drivers/dma/qcom/hidma_dbg.c:46
function - hidma_ll_chstats

The hidma_ll_chstats function in drivers/dma/qcom/hidma_dbg.c in the
Linux kernel 4.14.90 allows local users to obtain sensitive address
information by reading "callback=" lines in a debugfs file.

Similar to CVE-2018-7754
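
An added example, not part of the original message or of the kernel source: a small Python audit helper that scans captured debugfs-style text for fields whose value falls in the kernel address range, as a way to confirm or rule out the kind of exposure described above. The sample text, every field name other than `callback=`, the function names and the address-range heuristic are constructed assumptions.

```python
import re

# Constructed sample of debugfs-style output. Only the "callback=" key comes
# from the message above; all other keys and every value are made up.
SAMPLE = """\
------Channel 0 details-----------
allocated=1
queued=0
callback=ffffffffc0a41230
callback=          (null)
callback=00000000a3f1c2d4
tre_index=3
"""

# key=<8 to 16 hex digits>, optionally prefixed with 0x, alone on the line.
FIELD = re.compile(r"^\s*(\w+)=\s*(?:0x)?([0-9a-fA-F]{8,16})\s*$")


def looks_like_kernel_address(value, bits=64):
    """Heuristic: does value fall where kernels are conventionally mapped?"""
    if bits == 64:
        # Upper-half canonical addresses: the top 16 bits are all ones.
        return value >> 48 == 0xFFFF
    # Assumption for 32-bit targets: the common 3G/1G user/kernel split.
    return value >= 0xC0000000


def find_pointer_leaks(text, bits=64):
    """Return (line number, key, hex value) for each suspicious field."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = FIELD.match(line)
        if not match:
            continue  # headers, counters, "(null)" and short values
        key, hexval = match.groups()
        if looks_like_kernel_address(int(hexval, 16), bits):
            hits.append((lineno, key, hexval))
    return hits


if __name__ == "__main__":
    for lineno, key, hexval in find_pointer_leaks(SAMPLE):
        print(f"line {lineno}: {key}= exposes kernel-range value {hexval}")
```

The third `callback=` value in the sample is shaped like a hashed pointer (upper 32 bits zero) and is deliberately not flagged, since it does not reveal a real address.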
