It was found that the SCSI driver in the Linux kernel can improperly access userspace memory outside the provided buffer. A local privileged attacker could potentially use this flaw to expose information from the kernel memory.

References:
https://lore.kernel.org/lkml/20180615152335.208202-1-jannh@google.com/T/#u
https://lwn.net/Articles/760406/
https://source.android.com/security/bulletin/pixel/2017-12-01
https://github.com/LineageOS/android_kernel_xiaomi_msm8996/commit/4e624aeb719ba0a13390f70b18f2388372614b94

An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=26b5b874aff5659a7e26e5b1997e3df2c41fa7fd

Note: It appeared that an attacker would have to be able to open and access /dev/sg*, which on RHEL systems is allowed by default to a privileged user (real non-container root) and members of the "disk" group (empty by default). Therefore we assume this issue is a bug and not a security flaw.
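
The note's assumption can be checked on a given host. The script below is an added example, not part of the original report or of any vendor tooling: it flags /dev/sg* nodes that are not owned by root:disk or that grant access to other users, and lists members of the "disk" group. The function names (sg_findings, group_members, audit_live) and the exact baseline mode are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit who can open SCSI generic nodes (/dev/sg*).
# Assumed baseline (from the note above): owner root, group disk,
# no permissions for other users, and an empty "disk" group.

# Reads "MODE OWNER GROUP PATH" lines on stdin (the output format of
# `stat -c '%a %U %G %n'`) and prints one finding per deviation.
sg_findings() {
    while read -r mode owner group path; do
        [ -n "$path" ] || continue
        [ "$owner" = root ] || echo "$path: owner is $owner, expected root"
        [ "$group" = disk ] || echo "$path: group is $group, expected disk"
        case "$mode" in
            *0) ;;  # last octal digit 0: other users have no access
            *)  echo "$path: mode $mode grants access to all users" ;;
        esac
    done
}

# Reads a `getent group disk` line on stdin and prints one member per
# line; prints nothing when the group is empty.
group_members() {
    cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# Runs both checks against the live system (needs GNU stat and getent).
audit_live() {
    for node in /dev/sg*; do
        [ -e "$node" ] && stat -c '%a %U %G %n' "$node"
    done | sg_findings
    getent group disk | group_members
}

# Only touch the live system when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Any output from `--live` means the host deviates from the default the note relies on, so the reachability of the flaw should be reassessed for that host.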