Bug 1757375 (CVE-2017-18550) - CVE-2017-18550 kernel: information exposure in drivers/scsi/aacraid/commctrl.c
Summary: CVE-2017-18550 kernel: information exposure in drivers/scsi/aacraid/commctrl.c
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-18550
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1757376
Blocks: 1757377
Reported: 2019-10-01 10:43 UTC by Dhananjay Arunesh
Modified: 2021-02-16 21:20 UTC

Fixed In Version:
Doc Text:
A flaw was found in drivers/scsi/aacraid/commctrl.c in the Linux kernel, where there is potential exposure of kernel stack memory because the aac_get_hba_info function does not initialize the hbainfo structure. An attacker with relevant permissions can issue an ioctl to an aacraid device.
Clone Of:
Environment:
Last Closed: 2020-02-14 08:09:34 UTC
Embargoed:



Description Dhananjay Arunesh 2019-10-01 10:43:31 UTC
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342ffc26693b528648bdc9377e51e4f2450b4860
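
The bug class described above, as an added user-space model (not the driver's code and not part of the original report): a handler fills only some fields of an on-stack struct and then copies the whole struct out, so unwritten members and padding carry whatever was on the stack before. The struct layout, field values and the `STALE` marker are hypothetical; zeroing the struct before filling it is the usual hardening for this pattern.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover stack data */

/* Hypothetical reply layout for illustration; not the driver's real struct. */
struct hba_reply {
    uint8_t  driver_name[16];
    uint8_t  adapter_number;   /* compiler inserts padding after this member */
    uint32_t vendor_id;
    uint8_t  reserved[8];      /* the handler never writes this member */
};

/* The handler sets only the fields it knows about. */
static void fill_reply(struct hba_reply *r)
{
    memcpy(r->driver_name, "aacraid", sizeof("aacraid"));
    r->adapter_number = 0;
    r->vendor_id = 0x1234;     /* constructed value */
}

/*
 * Models the ioctl handler. 'slot' stands in for the on-stack struct and is
 * pre-filled with STALE to model what earlier calls left on the stack.
 * The final memcpy models copy_to_user() of the whole struct.
 * Returns how many STALE bytes reach the caller's buffer.
 */
size_t leaked_bytes(int zero_first)
{
    struct hba_reply slot;
    uint8_t user_buf[sizeof(slot)];
    size_t i, n = 0;

    memset(&slot, STALE, sizeof(slot));     /* leftover stack contents */
    if (zero_first)
        memset(&slot, 0, sizeof(slot));     /* the hardened form */
    fill_reply(&slot);
    memcpy(user_buf, &slot, sizeof(slot));  /* stand-in for copy_to_user() */

    for (i = 0; i < sizeof(user_buf); i++)
        n += (user_buf[i] == STALE);
    return n;
}

int main(void)
{
    printf("stale bytes without zeroing: %zu\n", leaked_bytes(0));
    printf("stale bytes with zeroing:    %zu\n", leaked_bytes(1));
    return 0;
}
```

The unwritten tail of `driver_name` and the whole `reserved` array account for at least 16 stale bytes in the unzeroed case; padding after `adapter_number` typically adds more.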

Comment 1 Dhananjay Arunesh 2019-10-01 10:44:03 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1757376]

Comment 2 Justin M. Forbes 2019-10-01 13:51:37 UTC
This was fixed in upstream kernel 4.13 and has never impacted any still currently supported release of Fedora.

Comment 5 Wade Mealing 2020-02-14 04:48:32 UTC
Mitigation:

There is no known mitigation to this flaw; preventing users from being able to issue an ioctl to this device, by removing the relevant permissions to do so, will limit the information exposure.

Comment 6 Product Security DevOps Team 2020-02-14 08:09:34 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2017-18550

