Vigil@nce: Linux kernel, memory disclosure via tcf_act_police_dump
October 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the tcf_act_police_dump() function in order to
read kernel data.
– Severity: 1/4
– Creation date: 20/10/2010
DESCRIPTION OF THE VULNERABILITY
The tcf_act_police_dump() function of the net/sched/act_police.c
file manipulates network packets in the kernel.
However, this function does not initialize the "limit" and "capab"
fields of the tc_police structure. Some bytes are therefore leaked
to the caller.
An attacker can therefore use the tcf_act_police_dump() function
in order to read kernel data.
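The following user-space C model is an added example, not code from the bulletin or from the kernel. It shows why leaving fields unassigned before copying a whole structure out discloses stale memory, and how clearing the structure first prevents it. The struct police_model layout, the STALE marker and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover kernel stack bytes */

/* Simplified model of tc_police (assumption: reduced field set, not the kernel layout). */
struct police_model {
    uint32_t index;
    int32_t  action;
    uint32_t limit;  /* never assigned by the dump path */
    uint32_t burst;
    uint32_t mtu;
    uint32_t capab;  /* never assigned by the dump path */
};

/* Model of the dump: fill a local struct, then copy the whole struct to the caller. */
static void model_dump(int hardened, uint8_t *out)
{
    struct police_model opt;
    /* Stand-in for whatever an earlier call left on the stack (keeps the demo defined). */
    memset(&opt, STALE, sizeof(opt));
    if (hardened)
        memset(&opt, 0, sizeof(opt)); /* mitigation: clear every byte, padding included */

    opt.index  = 1;    /* constructed sample values */
    opt.action = 0;
    opt.burst  = 1500;
    opt.mtu    = 1500;
    /* limit and capab are deliberately not assigned, as in the bulletin. */
    memcpy(out, &opt, sizeof(opt)); /* stands in for the copy into the reply */
}

/* Count reply bytes that still carry the stale marker, i.e. bytes disclosed. */
static size_t leaked_bytes(int hardened)
{
    uint8_t out[sizeof(struct police_model)];
    size_t i, n = 0;
    model_dump(hardened, out);
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("unhardened: %zu stale bytes, hardened: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

In the model, the two unassigned 32-bit fields account for every stale byte in the reply; the same check (fill with a marker, dump, scan the output) works as a regression test for any structure copied across a trust boundary.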
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-disclosure-via-tcf-act-police-dump-10054