Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the romfs_dev_read function in romfs_dev_read. By using a specially-crafted file, an attacker could exploit this vulnerability to obtain uninitialized memory information in userspace. Reference: https://bugs.chromium.org/p/project-zero/issues/detail?id=2077 Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2935e0a3cec1ffa558eea90db6279cff83aa3592
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1894913]
This was fixed for Fedora with the 5.8.4 stable kernel updates.