Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
28 lines (18 sloc) 835 Bytes

[Suggested description] The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

[Affected Product Code Base] linux kernel - >=v2.6.29-rc1


[Affected Component] [source code file] /lib/swiotlb.c function: swiotlb_print_info

[Attack Vectors] dmesg | grep "software IO TLB" //we can get a kernel obj address 1.258466] software IO TLB [mem 0x7a0c3000-0x7e0c3000] (64MB) mapped at [ffff938cba0c3000-ffff938cbe0c2fff]


[Discoverer] ADLab of VenusTech


[Reference] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/lib/swiotlb.c