[SRU][Trusty][PATCH 0/1] Fix for CVE-2017-14991
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Wed Jul 11 15:45:24 UTC 2018
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14991.html
Description:
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before
4.13.4 allows local users to obtain sensitive information from
uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE
ioctl call for /dev/sg0.
Ubuntu-Description:
It was discovered that the generic SCSI driver in the Linux kernel did not
properly initialize data returned to user space in some situations. A local
attacker could use this to expose sensitive information (kernel memory).
A simple backport of the fix is needed for Trusty, which doesn't have
the sg table fill code on a separate function (introduced by
4759df905a47 - scsi: sg: factor out sg_fill_request_table()).
Hannes Reinecke (1):
scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
drivers/scsi/sg.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list