ACK: [PATCH 0/1] [xenial/linux] CVE-2018-7754, CVE-2018-5995, CVE-2018-5953

Kleber Souza kleber.souza at canonical.com
Tue Mar 23 10:02:58 UTC 2021


On 18.03.21 19:09, Tim Gardner wrote:
> [Impact]
> 
> CVE-2018-5995
> The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through
> 4.14.14 allows local users to obtain sensitive address information by reading
> dmesg data from a “pages/cpu” printk call.
> 
> CVE-2018-7754
> The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux
> kernel through 4.16.4rc4 allows local users to obtain sensitive address
> information by reading “ffree: ” lines in a debugfs file.
> 
> CVE-2018-5953
> The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through
> 4.14.14 allows local users to obtain sensitive address information by reading
> dmesg data from a “software IO TLB” printk call.
> 
> [Test Plan]
> #
> # This result indicates that the 64 bit pointer has had the 32 MSBs masked off, but the
> # random number generator has not been initialized. Hence the value '(ptrval)'.
> #
> dmesg | grep PERCPU
> [    0.000000] PERCPU: Embedded 33 pages/cpu @        (ptrval) s95640 r8192 d31336 u262144
> 
> #
> # The print tests all pass
> #
> sudo modprobe test_printf
> test_printf: All 96 tests passed
> 
> [Where problems could occur]
> Patch released in v4.15. User space that depends on scraping pointers from the kernel circular
> buffer will stop working.
> 
> 

Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
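
Added example (not part of the original message or of the patch under review): a Python check that classifies pointer-like tokens in kernel log text the way the test plan above reads them, as a raw address, a hashed value with the 32 MSBs zeroed, or '(ptrval)'. The sample lines are constructed, and the 16-hex-digit heuristic and all function names are assumptions of this example.

```python
import re

# Constructed sample log lines (not captured from a real system). Lines 1 and 4
# imitate pre-fix output, lines 2 and 3 imitate output after %p hashing.
SAMPLE_DMESG = """\
[    0.000000] PERCPU: Embedded 33 pages/cpu @ffff88007fc00000 s95640 r8192 d31336 u262144
[    0.000000] PERCPU: Embedded 33 pages/cpu @        (ptrval) s95640 r8192 d31336 u262144
[    0.000000] PERCPU: Embedded 33 pages/cpu @000000003c4d5e6f s95640 r8192 d31336 u262144
[    0.000000] software IO TLB [mem 0xbbed0000-0xbfed0000] (64MB) mapped at [ffff8800bbed0000-ffff8800bfed0000]
[    1.234567] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

# Heuristic (assumption of this example): a %p value on a 64-bit kernel is a
# bare 16-hex-digit token. %p prints no "0x" prefix, so 0x-prefixed values such
# as [mem 0x...] ranges are skipped. Other 16-digit hex strings can false-positive.
TOKEN = re.compile(r"\(ptrval\)|(?<![0-9a-fA-Fx])[0-9a-fA-F]{16}(?![0-9a-fA-F])")


def classify(token):
    """Return 'ptrval', 'hashed' or 'raw' for one matched token."""
    if token == "(ptrval)":
        return "ptrval"   # hashing active, RNG not yet initialized
    if token[:8] == "00000000":
        return "hashed"   # 32 MSBs masked off, as the test plan describes
    return "raw"          # upper bits present: looks like an unhashed address


def scan(text):
    """Return (line number, token, kind) for every pointer-like token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in TOKEN.finditer(line):
            findings.append((lineno, match.group(0), classify(match.group(0))))
    return findings


def leaking_lines(text):
    """Return the sorted line numbers that contain at least one raw address."""
    return sorted({lineno for lineno, _, kind in scan(text) if kind == "raw"})


if __name__ == "__main__":
    for lineno, token, kind in scan(SAMPLE_DMESG):
        print(f"line {lineno}: {token} -> {kind}")
    print("lines with raw addresses:", leaking_lines(SAMPLE_DMESG))
```

To check a running system, feed the output of dmesg to scan() instead of SAMPLE_DMESG; an empty result from leaking_lines() matches the outcome the test plan expects.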


