1581637 – (CVE-2017-13305) CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker

Bug 1581637 (CVE-2017-13305) - CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker

Summary: CVE-2017-13305 kernel: Buffer over-read in keyring subsystem allows exposing ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2017-13305
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1582985
Blocks:	1581641
TreeView+	depends on / blocked

Reported:	2018-05-23 09:32 UTC by Adam Mariš
Modified:	2021-02-17 00:16 UTC (History)
CC List:	42 users (show)
Fixed In Version:	kernel 4.12
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory.
Clone Of:
Environment:
Last Closed:	2019-06-10 10:26:24 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2165	0	None	None	None	2018-07-10 17:17:10 UTC

Description Adam Mariš 2018-05-23 09:32:20 UTC

A flaw was found in the Linux kernels implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison.  By bruteforcing the comparison an attacker could determine what was in memory after the description.

This could allow a local attacker to obtain possibly sensitive information from kernel memory.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=794b4bc292f5d31739d89c0202c54e7dc9bc3add

Comment 4 errata-xmlrpc 2018-07-10 17:16:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:2165 https://access.redhat.com/errata/RHSA-2018:2165

Note You need to log in before you can comment on or make changes to this bug.

airlied
aquini
bhu
blc
bskeggs
dhoward
ewk
fhrbata
hdegoede
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jarodwilson
jforbes
jglisse
jkacur
john.j5live
jonathan
josef
jross
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
mmilgram
nmurray
plougher
rt-maint
rvrbovsk
skozina
steved
williams
wmealing