There is a kernel information leak vulnerability which was produced by my improved syzkaller. The output message is as follows:
Syzkaller hit 'KMSAN: kernel-infoleak in copy_page_to_iter' bug.
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user build/../include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in copyout build/../lib/iov_iter.c:156 [inline]
BUG: KMSAN: kernel-infoleak in copy_page_to_iter_iovec build/../lib/iov_iter.c:231 [inline]
BUG: KMSAN: kernel-infoleak in __copy_page_to_iter build/../lib/iov_iter.c:855 [inline]
BUG: KMSAN: kernel-infoleak in copy_page_to_iter+0xa65/0x2630 build/../lib/iov_iter.c:883
instrument_copy_to_user build/../include/linux/instrumented.h:121 [inline]
copyout build/../lib/iov_iter.c:156 [inline]
copy_page_to_iter_iovec build/../lib/iov_iter.c:231 [inline]
__copy_page_to_iter build/../lib/iov_iter.c:855 [inline]
call_read_iter build/../include/linux/fs.h:2156 [inline]
new_sync_read build/../fs/read_write.c:400 [inline]
__do_sys_read build/../fs/read_write.c:629 [inline]
__se_sys_read build/../fs/read_write.c:627 [inline]
do_syscall_x64 build/../arch/x86/entry/common.c:51 [inline]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
Should this CVE be rejected? I'm not sure, as the traces do not completely correspond. There is, on one hand, https://syzkaller.appspot.com/bug?id=602bc454598b9bc1186ea9f927f6225ef64a397b which was auto-closed as invalid, and https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8 which, though, is fixed in 5.14-rc1 (with ce3aba43599f0b50adbebff133df8d08a3d5fffe).
Thanks for clarifying.
Hello, looking closely at both traces, we will notice they are similar occurrences and relate to a similar problem.
Below is the trace in common:
copy_page_to_iter_iovec lib/iov_iter.c:212 [inline]
generic_file_buffered_read mm/filemap.c:2185 [inline]
call_read_iter include/linux/fs.h:1801 [inline]
new_sync_read fs/read_write.c:406 [inline]
This issue was fixed upstream in kernel version 5.14. The kernel packages as shipped in Red Hat Enterprise Linux 8 were previously updated to a version that contains the fix via the following errata:
kernel in Red Hat Enterprise Linux 8
kernel-rt in Red Hat Enterprise Linux 8
Thank you Mauro for the necessary changes to get https://access.redhat.com/security/cve/CVE-2022-0850 content correct.