Vigil@nce - Linux kernel: memory fragment reading via crypto
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use a cryptographic feature of the Linux
kernel, in order to obtain a memory fragment.
Impacted products: Linux
Severity: 1/4
Creation date: 07/03/2013
DESCRIPTION OF THE VULNERABILITY
The kernel implements cryptographic features.
Functions such as crypto_ablkcipher_report(),
crypto_givcipher_report() and crypto_aead_report() return the
algorithm name to the user. However, these functions use
snprintf(), which writes only the string and its terminating null
byte, so the end of the array returned to the user is not
reinitialized and keeps its previous content.
A local attacker can therefore use a cryptographic feature of the
Linux kernel, in order to obtain a memory fragment.
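The pattern described above, reproduced in user space as an added example (not kernel code and not part of the bulletin), next to a hardened form that clears the structure first. The struct report layout, the NAME_LEN size, the 0xAA marker standing in for stale memory and the sample names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64   /* assumed field size for this example */
#define STALE 0xAA    /* constructed marker standing in for old memory */

struct report {       /* hypothetical stand-in for a report structure */
    char type[NAME_LEN];
    char geniv[NAME_LEN];
};

/* Pattern from the bulletin: only the string and its NUL are written. */
void fill_snprintf(struct report *r, const char *type, const char *geniv)
{
    snprintf(r->type, sizeof(r->type), "%s", type);
    snprintf(r->geniv, sizeof(r->geniv), "%s", geniv);
}

/* Hardened form: clear the whole structure before filling it. */
void fill_zeroed(struct report *r, const char *type, const char *geniv)
{
    memset(r, 0, sizeof(*r));
    fill_snprintf(r, type, geniv);
}

/* Fill a marker-filled buffer, then count bytes still holding the marker. */
size_t leak_after(void (*fill)(struct report *, const char *, const char *))
{
    struct report r;
    const unsigned char *p = (const unsigned char *)&r;
    size_t i, n = 0;

    memset(&r, STALE, sizeof(r));
    fill(&r, "ablkcipher", "<default>");   /* sample names */
    for (i = 0; i < sizeof(r); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("snprintf only: %zu stale bytes\n", leak_after(fill_snprintf));
    printf("zeroed first:  %zu stale bytes\n", leak_after(fill_zeroed));
    return 0;
}
```

Every byte counted in the first case would be copied to the caller unchanged; when reviewing similar code, check that any fixed-size structure handed across a trust boundary is fully initialized before it is filled.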
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-fragment-reading-via-crypto-12487