Vigil@nce - Linux kernel: information disclosure via Compaq Smart
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Compaq Smart is enabled, a local attacker can use two ioctls,
in order to obtain fragments of the kernel memory.
Impacted products: Linux
Severity: 1/4
Creation date: 05/06/2013
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can be compiled with:
– CONFIG_BLK_CPQ_DA : Compaq SMART2
– CONFIG_BLK_CPQ_CISS_DA : Compaq Smart Array 5xxx
The IDAGETPCIINFO and CCISS_PASSTHRU32 ioctls then return
information to users. However, the ida_locked_ioctl() and
cciss_ioctl32_passthru() functions do not initialize two
structures stored in memory.
When Compaq Smart is enabled, a local attacker can therefore use
two ioctls, in order to obtain fragments of the kernel memory.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-via-Compaq-Smart-12910