Bug 1581637 – CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1581637 - (CVE-2017-13305) CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker

Summary:	CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing ...

Status:	NEW

Aliases:	CVE-2017-13305

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20170608,repor...
Keywords:	Security

Depends On:	1582985
Blocks:	1581641
	Show dependency tree / graph

Reported:	2018-05-23 05:32 EDT by Adam Mariš
Modified:	2018-08-28 18:43 EDT (History)
CC List:	42 users (show)

See Also:
Fixed In Version:	kernel 4.12
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2165	None	None	None	2018-07-10 13:17 EDT

Groups: None (edit)

Description Adam Mariš 2018-05-23 05:32:20 EDT

A flaw was found in the Linux kernels implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison.  By bruteforcing the comparison an attacker could determine what was in memory after the description.

This could allow a local attacker to obtain possibly sensitive information from kernel memory.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=794b4bc292f5d31739d89c0202c54e7dc9bc3add

Comment 4 errata-xmlrpc 2018-07-10 13:16:51 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:2165 https://access.redhat.com/errata/RHSA-2018:2165

Note You need to log in before you can comment on or make changes to this bug.

airlied
aquini
bhu
blc
bskeggs
dhoward
esammons
ewk
fhrbata
hdegoede
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jarodwilson
jforbes
jglisse
jkacur
john.j5live
jonathan
josef
jross
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
rt-maint
rvrbovsk
skozina
steved
williams
wmealing