Vigil@nce - Linux kernel: information disclosure via rds_sysctl_rds_table
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read a memory fragment of llc2_timeout_table
of the Linux kernel, in order to obtain sensitive information.
– Impacted products: Linux
– Severity: 1/4
– Creation date: 23/02/2015
DESCRIPTION OF THE VULNERABILITY
The Linux kernel implements RDS (Reliable Datagram Sockets).
However, the rds_sysctl_rds_table structure uses a default size
which is too large, so the net/rds/sysctl.c file returns a memory
area to the user without initializing it.
A local attacker can therefore read a memory fragment from
rds_sysctl_rds_table of the Linux kernel, in order to obtain
sensitive information.
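The length mismatch described above, as an added example that is not from the bulletin or the kernel source: a userspace C model in which each table entry's declared length is checked against the real size of its backing variable, and the read path is bounded to that size. The struct, macro, variable names and sample values are hypothetical and do not reproduce net/rds/sysctl.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of a sysctl-style entry (hypothetical, not struct ctl_table). */
struct tbl_entry {
    const char *name;
    const void *data;
    size_t maxlen;   /* length the read handler is told to return */
    size_t objsize;  /* real size of the backing variable */
};
#define ENTRY(n, var, len) { (n), &(var), (len), sizeof(var) }

static unsigned int demo_packets = 16, demo_bytes = 4096;  /* constructed values */

/* Weak form: hand-written length, wider than the variable. */
static const struct tbl_entry weak_table[] = {
    ENTRY("demo_packets", demo_packets, sizeof(unsigned long long)),
    ENTRY("demo_bytes", demo_bytes, sizeof(unsigned long long)),
};
/* Corrected form: length derived from the variable itself. */
static const struct tbl_entry fixed_table[] = {
    ENTRY("demo_packets", demo_packets, sizeof(demo_packets)),
    ENTRY("demo_bytes", demo_bytes, sizeof(demo_bytes)),
};

/* Count entries whose declared length exceeds the backing object. */
size_t audit_table(const struct tbl_entry *t, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += t[i].maxlen > t[i].objsize;
    return bad;
}

/* Defensive read: zero the output, then copy at most the object's size. */
size_t safe_read(const struct tbl_entry *e, void *out, size_t outlen)
{
    size_t n = e->maxlen < e->objsize ? e->maxlen : e->objsize;
    if (n > outlen) n = outlen;
    memset(out, 0, outlen);
    memcpy(out, e->data, n);
    return n;
}
int main(void)
{
    printf("weak: %zu bad, fixed: %zu bad\n",
           audit_table(weak_table, 2), audit_table(fixed_table, 2));
    return 0;
}
```

Deriving the length with sizeof on the variable itself, as in fixed_table, keeps the declared size and the object size from drifting apart when a type changes.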
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-via-rds-sysctl-rds-table-16240