Red Hat Bugzilla – Bug 1317576
CVE-2016-0823 kernel: Leakage of physical address mappings to non-privileged userspace
Last modified: 2018-08-28 18:03:54 EDT
It was reported that pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3 allows local users to obtain sensitive physical-address information by reading a /proc/<pid>/pagemap file. The initial fix (commit ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce) put the privilege check directly in the pagemap_open function, which was considered too coarse. Upstream later moved the check into pagemap_read with commit 1c90308e7a77af6742a97d1021cca923b23b7f0d. This allows /proc/<pid>/pagemap to be opened and read by non-root users but it does not expose the physical addresses that could be used by the rowhammer exploit. Upstream patch: https://github.com/torvalds/linux/commit/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce Introduced in commit: https://github.com/torvalds/linux/commit/85863e475e59afb027b0113290e3796ee6020b7d External Reference: https://googleprojectzero.blogspot.cz/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1327067]
Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5. This has been rated as having Low security impact and is not currently planned to be addressed in future updates of 6, 7, and MRG-2. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/ .