The hidma_chan_stats() function in the drivers/dma/qcom/hidma_dbg.c file in the Linux kernel allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file. By default debugfs filesystem access is restricted, so only a privileged user can access it.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1696605]
This was mitigated in 4.15 and newer kernels with commit ad67b74d2469d9b82aaa572d76474c95bc484d57 "printk: hash addresses printed with %p"
RHEL-8 has the %p cloaking patchset integrated, so %p is cloaked if printed. RHEL-ALT is vulnerable to this flaw, but by default debugfs filesystem access is restricted, so only a privileged user (a real "root") can access it. Henceforth, we do not believe this issue is a security flaw. Earlier RHEL versions do not build and ship the code in question.