Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30912
HistoryJun 26, 2014 - 12:00 a.m.

[oss-security] CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents()

2014-06-2600:00:00
vulners.com
24
JSON

A kernel memory disclosure was introduced in aio_read_events_ring() in
v3.10 by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes
made to aio_read_events_ring() failed to correctly limit the index into
ctx->ring_pages[], allowing an attacker to cause the subsequent kmap()
of an arbitrary page with a copy_to_user() to copy the contents into
userspace.

Upstream patches:

https://lkml.org/lkml/2014/6/24/619
https://lkml.org/lkml/2014/6/24/623

This issue was discovered by Mateusz Guzik of Red Hat.

– Petr Matousek / Red Hat Product Security PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA

JSON