[PATCH 0/1] [xenial/linux] CVE-2018-7754, CVE-2018-5995, CVE-2018-5953
Tim Gardner
tim.gardner at canonical.com
Thu Mar 18 18:09:13 UTC 2021
[Impact]

CVE-2018-5995
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through
4.14.14 allows local users to obtain sensitive address information by reading
dmesg data from a “pages/cpu” printk call.

CVE-2018-7754
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux
kernel through 4.16.4rc4 allows local users to obtain sensitive address
information by reading “ffree: ” lines in a debugfs file.

CVE-2018-5953
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through
4.14.14 allows local users to obtain sensitive address information by reading
dmesg data from a “software IO TLB” printk call.

[Test Plan]

#
# This result indicates that the 64 bit pointer has had the 32 MSBs masked off, but the
# random number generator has not been initialized. Hence the value '(ptrval)'.
#
dmesg | grep PERCPU
[ 0.000000] PERCPU: Embedded 33 pages/cpu @ (ptrval) s95640 r8192 d31336 u262144

#
# The print tests all pass
#
sudo modprobe test_printf
test_printf: All 96 tests passed

[Where problems could occur]

Patch released in v4.15. User space that depends on scraping pointers from the kernel circular
buffer will stop working.
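
The test plan above checks one message by eye. As an added example (not part of the original mail or the patch), the script below goes a step further and classifies every line containing one of the three strings named in the CVEs as raw, hashed or '(ptrval)'. The function names and sample lines are constructed for illustration, and it assumes x86-64, where raw kernel addresses print as 16 hex digits starting with "ffff".

```shell
#!/bin/sh
# Added example. Assumes x86-64: raw kernel addresses print as 16 hex digits
# starting with "ffff"; hashed %p output has the upper 32 bits zeroed.
# Classify one log line as: raw, ptrval, hashed or none.
classify_line() {
    if printf '%s\n' "$1" | grep -Eq '(^|[^0-9a-f])ffff[0-9a-f]{12}([^0-9a-f]|$)'; then
        echo raw        # unhashed kernel address: the leak the CVEs describe
    elif printf '%s\n' "$1" | grep -Fq '(ptrval)'; then
        echo ptrval     # %p used before the hashing key was seeded
    elif printf '%s\n' "$1" | grep -Eq '(^|[^0-9a-f])0{8}[0-9a-f]{8}([^0-9a-f]|$)'; then
        echo hashed     # hashed pointer, 32 MSBs masked off
    else
        echo none
    fi
}

# Read log text on stdin, report only the three messages named in the CVEs,
# and finish with a "raw_leaks=N" summary line.
scan_log() {
    leaks=0
    while IFS= read -r line; do
        case $line in
            *pages/cpu*|*"software IO TLB"*|*"ffree: "*) ;;
            *) continue ;;
        esac
        verdict=$(classify_line "$line")
        printf '%-7s %s\n' "$verdict" "$line"
        if [ "$verdict" = raw ]; then leaks=$((leaks + 1)); fi
    done
    echo "raw_leaks=$leaks"
}

# Constructed sample lines (not captured from a real system).
sample_unpatched() {
    cat <<'EOF'
[    0.000000] PERCPU: Embedded 33 pages/cpu @ffff88007fc00000 s95640 r8192 d31336 u262144
[    0.412345] software IO TLB [mem 0x7bfde000-0x7ffde000] (64MB) mapped at [ffff88007bfde000-ffff88007ffddfff]
[    1.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
EOF
}
# First line is the dmesg output quoted in the test plan; second is constructed.
sample_patched() {
    cat <<'EOF'
[    0.000000] PERCPU: Embedded 33 pages/cpu @ (ptrval) s95640 r8192 d31336 u262144
ffree: 000000003f6a9c21
EOF
}
sample_unpatched | scan_log
sample_patched | scan_log
```

On a live system, pipe `dmesg` into `scan_log`; a summary of `raw_leaks=0` matches the result the test plan expects.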