Bug 1614057 (CVE-2018-5953)

Summary: CVE-2018-5953 kernel: Information Exposure through dmesg data from a "software IO TLB" printk call
Product: [Other] Security Response
Reporter: Laura Pardo <lpardo>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: abhgupta, airlied, aquini, bhu, blc, bmcclain, bskeggs, dbaker, dhoward, esammons, ewk, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jforbes, jglisse, jkacur, john.j5live, jokerman, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, lwang, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, rt-maint, rvrbovsk, skozina, slawomir, steved, sthangav, trankin, vdronov, williams, ylavi
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel where the swiotlb_print_info() function in lib/swiotlb.c allows local users to obtain some kernel address information by reading the kernel log (dmesg). This address is not useful to commit a further attack.
Last Closed: 2018-08-09 16:08:31 UTC
Bug Blocks: 1614058    

Description Laura Pardo 2018-08-08 22:07:57 UTC
A flaw was found in the Linux kernel where the swiotlb_print_info() function in lib/swiotlb.c allows local users to obtain some kernel address information by reading the kernel log (dmesg). This address is not useful to commit a further attack.

References:

https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad67b74d2469d

Comment 3 Vladis Dronov 2018-08-09 16:08:31 UTC
Notes:

The kernel addresses revealed in the kernel log are of kernel objects which are allocated dynamically and do not give any information about the kernel code or objects location, and so are useless for a possible attacker.