Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
52 lines (36 sloc) 1.22 KB

[Suggested description] The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.

[VulnerabilityType Other] local Information Disclosure

[Vendor of Product] linux kernel

[Affected Product Code Base] linux kernel - >=v2.6.32-rc1

[Affected Component] source file : mm/percpu.c function: int __init pcpu_embed_first_chunk { ... pr_info("PERCPU: Embedded %zu pages/cpu @%p s%zu r%zu d%zu u%zu\n", PFN_DOWN(size_sum), base, ai->static_size, ai->reserved_size, ai->dyn_size, ai->unit_size); }

[Attack Type] Local

[Impact Information Disclosure] true

[Attack Vectors] dmesg | grep "pages/cpu" //we can get a kernel obj address 0.000000] percpu: Embedded 46 pages/cpu @ffff99c9aec00000 s149784 r8192 d30440 u524288

[Discoverer] ADLab of VenusTech