Bug 1581637 (CVE-2017-13305) - CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker
Summary: CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing ...
Status: NEW
Alias: CVE-2017-13305
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20170608,repor...
Keywords: Security
Depends On: 1582985
Blocks: 1581641
TreeView+ depends on / blocked
 
Reported: 2018-05-23 09:32 UTC by Adam Mariš
Modified: 2019-04-02 15:19 UTC (History)
42 users (show)

(edit)
A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory.
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2165 None None None 2018-07-10 17:17 UTC

Description Adam Mariš 2018-05-23 09:32:20 UTC
A flaw was found in the Linux kernels implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison.  By bruteforcing the comparison an attacker could determine what was in memory after the description.

This could allow a local attacker to obtain possibly sensitive information from kernel memory.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=794b4bc292f5d31739d89c0202c54e7dc9bc3add

Comment 4 errata-xmlrpc 2018-07-10 17:16:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:2165 https://access.redhat.com/errata/RHSA-2018:2165


Note You need to log in before you can comment on or make changes to this bug.