APPLIED: [PATCH 0/1] [xenial/linux] CVE-2018-7754, CVE-2018-5995, CVE-2018-5953

Tim Gardner tim.gardner at canonical.com
Wed Mar 24 12:06:42 UTC 2021


Applied to xenial/master-next. Thanks.

-rtg

On 3/18/21 12:09 PM, Tim Gardner wrote:
> [Impact]
> 
> CVE-2018-5995
> The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through
> 4.14.14 allows local users to obtain sensitive address information by reading
> dmesg data from a “pages/cpu” printk call.
> 
> CVE-2018-7754
> The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux
> kernel through 4.16.4rc4 allows local users to obtain sensitive address
> information by reading “ffree: ” lines in a debugfs file.
> 
> CVE-2018-5953
> The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through
> 4.14.14 allows local users to obtain sensitive address information by reading
> dmesg data from a “software IO TLB” printk call.
> 
> [Test Plan]
> #
> # This result indicates that the 64 bit pointer has had the 32 MSBs masked off, but the
> # random number generator has not been initialized. Hence the value '(ptrval)'.
> #
> dmesg | grep PERCPU
> [    0.000000] PERCPU: Embedded 33 pages/cpu @        (ptrval) s95640 r8192 d31336 u262144
> 
> #
> # The print tests all pass
> #
> sudo modprobe test_printf
> test_printf: All 96 tests passed
> 
> [Where problems could occur]
> Patch released in v4.15. User space that depends on scraping pointers from the kernel circular
> buffer will stop working.
> 

-- 
-----------
Tim Gardner
Canonical, Inc
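
The dmesg check from the quoted test plan, turned into a reusable filter (an added example, not part of the original message or of the Ubuntu kernel tree). It assumes x86_64, where a raw kernel virtual address prints as 16 lowercase hex digits starting with "ffff"; the function names and the UNPATCHED and HASHED sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: x86_64, where a raw kernel virtual address
# prints as 16 lowercase hex digits starting with "ffff".

# classify_line LINE -> prints raw | ptrval | hashed | none
classify_line() {
    line=$1
    if printf '%s\n' "$line" |
        grep -Eq '(^|[^0-9a-f])ffff[0-9a-f]{12}([^0-9a-f]|$)'; then
        echo raw      # unhashed kernel address: the leak these CVEs describe
    elif printf '%s\n' "$line" | grep -Fq '(ptrval)'; then
        echo ptrval   # %p printed before the random number generator was initialized
    elif printf '%s\n' "$line" |
        grep -Eq '(^|[^0-9a-f])0{8}[0-9a-f]{8}([^0-9a-f]|$)'; then
        echo hashed   # 32 MSBs masked off, as the test plan notes
    else
        echo none
    fi
}

# audit_log: read log lines on stdin, print each line that exposes a raw
# address, and return 1 if any was found (0 otherwise).
audit_log() {
    found=0
    while IFS= read -r l; do
        case $(classify_line "$l") in
            raw) printf 'LEAK: %s\n' "$l"; found=1 ;;
        esac
    done
    return "$found"
}

# PATCHED is the line quoted in the test plan; the other two are constructed.
PATCHED='[    0.000000] PERCPU: Embedded 33 pages/cpu @        (ptrval) s95640 r8192 d31336 u262144'
UNPATCHED='[    0.000000] PERCPU: Embedded 33 pages/cpu @ffff88003fc00000 s95640 r8192 d31336 u262144'
HASHED='[   12.345678] example: object at 00000000a1b2c3d4'

# Demo on the samples; on a live system: dmesg | audit_log
printf '%s\n' "$PATCHED" "$UNPATCHED" "$HASHED" | audit_log ||
    echo "raw kernel addresses present in log"
```

A non-zero return from `audit_log` on a patched kernel points at a remaining unhashed pointer print worth tracing back to its format string.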


