[Suggested description] The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
[Additional Information] through 4.16.rc4
[VulnerabilityType Other] infoleak
[Vendor of Product] linux
[Affected Product Code Base] linux kernel - >=3.12.rc1
[Affected Component] /drivers/block/aoe/aoeblk.c
static int aoedisk_debugfs_show(struct seq_file *s, void *ignored)
{
	...
	seq_printf(s, "ffree: %p\n",
		list_empty(&(*t)->ffree) ? NULL : (*t)->ffree.next);
	...
}
[Attack Type] Local
[Impact Information Disclosure] true
[Attack Vectors]
- modprobe aoe
- set up aoe disk network
- cat /sys/kernel/debug/aoe/etherd/e*
[Reference]
https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/block/aoe/aoeblk.c
[Discoverer] ADLab of VenusTech
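
An audit check for the exposure described above, added here as an example and not taken from the report or the kernel tree: it scans the per-device debugfs files for "ffree: " lines whose value looks like a raw kernel address. The function names, the sample output and the x86_64 address pattern (16 hex digits starting with "ffff") are assumptions.

```shell
#!/bin/sh
# Added example: flag "ffree: " lines that expose a raw kernel address.
# Assumption: x86_64, where kernel virtual addresses print as 16 hex
# digits starting with "ffff". "(null)" and any other value is not counted.

# Count leaking lines in text read from stdin (always exits 0).
count_ffree_leaks() {
    grep -Eci '^[[:space:]]*ffree:[[:space:]]+(0x)?ffff[0-9a-f]{12}[[:space:]]*$' || true
}

# Audit every per-device file under a debugfs directory.
# The default directory is the path given in the advisory.
# Prints one line per readable file; returns 1 if any file leaks.
audit_aoe_debugfs() {
    dir=${1:-/sys/kernel/debug/aoe/etherd}
    rc=0
    for f in "$dir"/e*; do
        [ -r "$f" ] || continue          # unmatched glob or no permission
        n=$(count_ffree_leaks < "$f")
        if [ "$n" -gt 0 ]; then
            echo "LEAK $f: $n raw kernel pointer(s) in ffree lines"
            rc=1
        else
            echo "ok   $f"
        fi
    done
    return $rc
}

# Constructed sample of the debugfs text (not captured from a real system).
sample_debugfs_output() {
    cat <<'EOF'
falloc: 16
ffree: ffff88003a5d1c40
falloc: 16
ffree: (null)
EOF
}

# Usage on a host with the aoe module loaded: audit_aoe_debugfs
```

Running the audit as an unprivileged user also shows whether debugfs is readable by non-root at all, since unreadable files are skipped and produce no output.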