Bug 1581637 (CVE-2017-13305)

Summary: CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: airlied, aquini, bhu, blc, bskeggs, dhoward, ewk, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, plougher, rt-maint, rvrbovsk, skozina, steved, williams, wmealing
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 4.12 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:26:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1582985    
Bug Blocks: 1581641    

Description Adam Mariš 2018-05-23 09:32:20 UTC 
A flaw was found in the Linux kernels implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison.  By bruteforcing the comparison an attacker could determine what was in memory after the description.

This could allow a local attacker to obtain possibly sensitive information from kernel memory.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=794b4bc292f5d31739d89c0202c54e7dc9bc3add
Comment 4 errata-xmlrpc 2018-07-10 17:16:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:2165 https://access.redhat.com/errata/RHSA-2018:2165