Vigil@nce: Linux kernel, memory reading via AGP
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can obtain fragments of the kernel memory via the
AGP driver.
Severity: 1/4
Consequences: data reading
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 22/04/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
An AGP video device uses the drivers/char/agp/generic.c driver.
To optimize performance, some memory pages allocated in kernel
mode by the driver are then mapped to user mode. However, these
memory pages are not reset in agp_generic_alloc_page(). A local
user can thus read their content.
A local attacker can therefore obtain fragments of the kernel
memory via the AGP driver.
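
The missing reset described above, shown as an added user-space model in C (not kernel code, and not part of the original advisory). The pool allocator, every function name and the secret string are constructed for illustration.

```c
/* Added illustration: user-space model, not kernel code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096
#define MODEL_POOL_PAGES 4

static unsigned char pool[MODEL_POOL_PAGES][MODEL_PAGE_SIZE];
static int in_use[MODEL_POOL_PAGES];

/* Flawed path: hands out a recycled page with its previous contents intact. */
unsigned char *model_alloc_page(void) {
    for (int i = 0; i < MODEL_POOL_PAGES; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* Hardened path: clears the page before it can be mapped to user mode. */
unsigned char *model_alloc_page_zeroed(void) {
    unsigned char *p = model_alloc_page();
    if (p) memset(p, 0, MODEL_PAGE_SIZE);
    return p;
}

void model_free_page(unsigned char *p) {
    for (int i = 0; i < MODEL_POOL_PAGES; i++)
        if (pool[i] == p) in_use[i] = 0;
}

/* Kernel-side use of a page, free, then a driver allocation for user mapping.
 * Returns how many stale non-zero bytes the new owner of the page can see. */
size_t leak_after_reuse(int zero_on_alloc) {
    static const char secret[] = "constructed-kernel-secret"; /* constructed sample */
    unsigned char *k = model_alloc_page();
    if (!k) return (size_t)-1;
    memcpy(k, secret, sizeof secret);
    model_free_page(k);
    unsigned char *u = zero_on_alloc ? model_alloc_page_zeroed() : model_alloc_page();
    size_t stale = 0;
    for (size_t i = 0; u && i < MODEL_PAGE_SIZE; i++)
        stale += (u[i] != 0);
    if (u) model_free_page(u);
    return stale;
}

int main(void) {
    printf("without clearing: %zu stale bytes\n", leak_after_reuse(0));
    printf("with clearing:    %zu stale bytes\n", leak_after_reuse(1));
    return 0;
}
```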
CHARACTERISTICS
Identifiers: CVE-2009-1192, VIGILANCE-VUL-8660
http://vigilance.fr/vulnerability/Linux-kernel-memory-reading-via-AGP-8660