1663072 – (CVE-2018-20511) CVE-2018-20511 kernel: Memory address exposure in drivers/net/appletalk/ipddp.c:ipddp_ioctl() by users with CAP_NET_ADMIN

Bug 1663072 (CVE-2018-20511) - CVE-2018-20511 kernel: Memory address exposure in drivers/net/appletalk/ipddp.c:ipddp_ioctl() by users with CAP_NET_ADMIN

Summary: CVE-2018-20511 kernel: Memory address exposure in drivers/net/appletalk/ipddp...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2018-20511
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1663075
TreeView+	depends on / blocked

Reported:	2019-01-03 03:14 UTC by Sam Fowler
Modified:	2022-03-13 16:39 UTC (History)
CC List:	30 users (show)
Fixed In Version:	kernel 4.18.11
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-01-15 11:06:22 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sam Fowler 2019-01-03 03:14:21 UTC

An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.


Upstream Patch:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9824dfae
https://github.com/torvalds/linux/commit/9824dfae
https://lkml.org/lkml/2018/9/27/480

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
acaringi
bhu
blc
brdeoliv
dbaker
dhoward
dvlasenk
esammons
fhrbata
hkrzesin
hwkernel-mgr
iboverma
jkacur
jokerman
jross
jstancek
kernel-mgr
lgoncalv
matt
mcressma
mlangsdo
nmurray
plougher
rt-maint
rvrbovsk
sthangav
trankin
williams
yozone