The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Link | Tags |
---|---|
https://www.exploit-db.com/exploits/42048/ | exploit |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07 | issue tracking, third party advisory, patch |
https://source.android.com/security/bulletin/2017-09-01 | |
https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07 | issue tracking, third party advisory, patch |
http://www.securityfocus.com/bid/98635 | vdb entry |
https://bugs.chromium.org/p/project-zero/issues/detail?id=1251 | issue tracking, third party advisory, patch |
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1 | release notes, vendor advisory |