[Suggested description] The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
[VulnerabilityType Other] local Information Disclosure
[Vendor of Product] linux kernel
[Affected Product Code Base] linux kernel - >=v2.6.32-rc1
[Affected Component] source file : mm/percpu.c function: int __init pcpu_embed_first_chunk { ... pr_info("PERCPU: Embedded %zu pages/cpu @%p s%zu r%zu d%zu u%zu\n", PFN_DOWN(size_sum), base, ai->static_size, ai->reserved_size, ai->dyn_size, ai->unit_size); }
[Attack Type] Local
[Impact Information Disclosure] true
[Attack Vectors] dmesg | grep "pages/cpu" //we can get a kernel obj address 0.000000] percpu: Embedded 46 pages/cpu @ffff99c9aec00000 s149784 r8192 d30440 u524288
[Discoverer] ADLab of VenusTech