Vigil@nce - Linux kernel: information disclosure via genlock_dev_ioctl
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the GENLOCK_IOC_EXPORT ioctl of the Linux
kernel to read a fragment of kernel memory and obtain sensitive
information.
Impacted products: Linux
Severity: 1/4
Creation date: 25/11/2013
DESCRIPTION OF THE VULNERABILITY
The genlock API provides locking features.
The GENLOCK_IOC_EXPORT ioctl is used to export a lock. The
genlock_dev_ioctl() function implements this ioctl. However, it
does not initialize a kernel memory area before returning it to
user space.
A local attacker can therefore use the GENLOCK_IOC_EXPORT ioctl of
the Linux kernel to read a fragment of kernel memory and obtain
sensitive information.
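The bug class described above, as an added user-space model in C; it is not code from this bulletin or from the kernel driver. The struct layout, the function names and the 0xA5 residue pattern are hypothetical and constructed for illustration: a reply structure is only partly filled before being copied out whole, next to the form that clears it first.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout (assumption, not the driver's real struct). */
struct export_reply {
    int fd;               /* the only field the export path fills in */
    unsigned int flags;   /* never written on this path */
    unsigned int timeout; /* never written on this path */
};

/* Models a kernel stack slot that is reused between calls. */
static struct export_reply frame;

/* Earlier kernel work leaves residue in the slot (constructed pattern). */
void prior_kernel_work(void) { memset(&frame, 0xA5, sizeof frame); }

/* Stand-in for copy_to_user(): the whole struct crosses the boundary. */
static void copy_out(void *user, const void *kern, size_t n) { memcpy(user, kern, n); }

/* Flawed pattern: one field set, every byte of the struct returned. */
void export_vulnerable(void *user_buf, int fd) {
    frame.fd = fd;
    copy_out(user_buf, &frame, sizeof frame);
}

/* Corrected pattern: clear the struct before filling and returning it. */
void export_fixed(void *user_buf, int fd) {
    memset(&frame, 0, sizeof frame);
    frame.fd = fd;
    copy_out(user_buf, &frame, sizeof frame);
}

/* Audit helper: count residue bytes past fd that reached the caller. */
size_t leaked_bytes(const void *user_buf) {
    const unsigned char *p = user_buf;
    size_t n = 0;
    for (size_t i = offsetof(struct export_reply, flags); i < sizeof(struct export_reply); i++)
        if (p[i] == 0xA5) n++;
    return n;
}

int main(void) {
    unsigned char user[sizeof(struct export_reply)];
    prior_kernel_work(); export_vulnerable(user, 3);
    printf("vulnerable: %zu residue bytes returned\n", leaked_bytes(user));
    prior_kernel_work(); export_fixed(user, 3);
    printf("fixed:      %zu residue bytes returned\n", leaked_bytes(user));
    return 0;
}
```

When reviewing ioctl handlers for this pattern, check every path that copies a stack structure to user space and confirm the structure is zeroed or fully assigned first.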
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-via-genlock-dev-ioctl-13825