The walk_hugetlb_range() function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. References: https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 https://www.exploit-db.com/exploits/43178/ A flaw was introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1e25a271c8ac1c9faebf4eb3fa609189e4e7b1b6 An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1518156]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2, as a code with the flaw is not present in the products listed. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE in the "kernel-alt" packages.
What is Red Hat Enterprise Linux 7 for ARM, Red Hat Enterprise Linux 7 for Power LE, and the "kernel-alt" package: The "kernel-alt" package as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE is an updated kernel intended to support new architectures not available at the time of Red Hat Enterprise Linux 7 original shipping. The new kernel version provided by the "kernel-alt" packages is based on upstream Linux kernel version 4.11. The offering is distributed with other updated packages, but most of the userspace is the standard Red Hat Enterprise Linux 7 Server RPM files. For more information please refer to: https://access.redhat.com/articles/3158541 https://access.redhat.com/articles/3158511
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0502 https://access.redhat.com/errata/RHSA-2018:0502