A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. References: https://bugs.chromium.org/p/project-zero/issues/detail?id=1650 https://lore.kernel.org/lkml/20180828154901.112726-1-jannh@google.com/T/ https://seclists.org/oss-sec/2018/q4/9 An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342db04ae71273322f0011384a9ed414df8bdae4
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1629942]
This is fixed for Fedora with the 4.18.6 stable updates.
External References: https://bugs.chromium.org/p/project-zero/issues/detail?id=1650
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-14656