lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20190416070634.13421-1-huangfq.daxian@gmail.com>
Date:   Tue, 16 Apr 2019 15:06:34 +0800
From:   Fuqian Huang <huangfq.daxian@...il.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     stable@...r.kernel.org, gregkh@...uxfoundation.org,
        Fuqian Huang <huangfq.daxian@...il.com>,
        Subbu Seetharaman <subbu.seetharaman@...adcom.com>,
        Ketan Mukadam <ketan.mukadam@...adcom.com>,
        Jitendra Bhivare <jitendra.bhivare@...adcom.com>,
        "James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 4.14] scsi:be2iscsi: Fix a kernel address leakage in be_main.c

Outputting kernel addresses will reveal the locations of kernel code
and data. And there is no need to print the address of a global object 
beiscsi_iscsi_transport in beiscsi_module_init.
This case is similar to CVE-2018-7273[1].
Just remove the print statement.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273

Signed-off-by: Fuqian Huang <huangfq.daxian@...il.com>
---
 drivers/scsi/be2iscsi/be_main.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c
index b4542e7..f0dcd1f 100644
--- a/drivers/scsi/be2iscsi/be_main.c
+++ b/drivers/scsi/be2iscsi/be_main.c
@@ -5844,8 +5844,6 @@ static int __init beiscsi_module_init(void)
 		       "beiscsi_module_init - Unable to  register beiscsi transport.\n");
 		return -ENOMEM;
 	}
-	printk(KERN_INFO "In beiscsi_module_init, tt=%p\n",
-	       &beiscsi_iscsi_transport);
 
 	ret = pci_register_driver(&beiscsi_pci_driver);
 	if (ret) {
-- 
2.11.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ