Vigil@nce: Linux kernel, information disclosure via USB
February 2010 by Vigil@nce
A local attacker, allowed to access to USB devices, can obtain
fragments of kernel memory.
– Severity: 1/4
– Consequences: data reading
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: medium (2/3)
– Creation date: 17/02/2010
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The processcompl() function of the drivers/usb/core/devio.c file
manages USB queries. Its access is reserved to root user, or to
privileged processes.
When an error occurs, this function still returns a copy of the
data buffer. However, this buffer was not initialized, and it thus
contains a fragment of kernel memory.
A local attacker, allowed to access to USB devices, can therefore
obtain fragments of kernel memory.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-9456
– Url: http://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-via-USB-9456