Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
65 lines (43 sloc) 1.4 KB

[Suggested description] The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.


[Additional Information] through 4.16.rc4


[VulnerabilityType Other] infoleak


[Vendor of Product] linux


[Affected Product Code Base] linux kernel - >=3.12.rc1


[Affected Component] /drivers/block/aoe/aoeblk.c

static int aoedisk_debugfs_show(struct seq_file *s, void *ignored) { ... seq_printf(s, "ffree: %p\n", list_empty(&(*t)->ffree) ? NULL : (*t)->ffree.next); ...

}


[Attack Type] Local


[Impact Information Disclosure] true


[Attack Vectors]

  1. modprobe aoe
  2. setup aoe disk network
  3. cat /sys/kernel/debug/aoe/etherd/e*

[Reference] https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/block/aoe/aoeblk.c


[Discoverer] ADLab of VenusTech