Potential info leak: Kernel pointer leak?

From: Fuqian Huang
Date: Tue Jan 22 2019 - 08:25:01 EST

Next message: Joerg Roedel: "Re: [PATCH] dma-debug: add dumping facility via debugfs"
Previous message: Heikki Krogerus: "Re: [RFC PATCH 3/5] usb: roles: Find the muxes by also matching against the device node"
Next in thread: Vinod Koul: "Re: Potential info leak: Kernel pointer leak?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, recently I came across some code and it seems to be able to leak
kernel address?
Is the following code cause info leak in the Linux kernel?
The callback function address is printed to debugfs.
The local user could know the kernel object address, and is able to
bypass kASLR.
linux-4.14.90
drivers/dma/qcom/hidma_dbg.c:46
function - hidma_ll_chstats

The hidma_ll_chstats function in drivers/dma/qcom/hidma_dbg.c in the
Linux kernel 4.14.90 allows local users to obtain sensitive address
information by reading "callback=" lines in a debugfs file.

Similar to CVE-2018-7754

Next message: Joerg Roedel: "Re: [PATCH] dma-debug: add dumping facility via debugfs"
Previous message: Heikki Krogerus: "Re: [RFC PATCH 3/5] usb: roles: Find the muxes by also matching against the device node"
Next in thread: Vinod Koul: "Re: Potential info leak: Kernel pointer leak?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]