Vigil@nce: Linux kernel, reading memory on x86_64
June 2008 by Vigil@nce
SYNTHESIS
A local attacker, on a x86_64 processor, can use the
copy_user_generic() function in order to obtain kernel memory
fragments.
Gravity: 1/4
Consequences: data reading
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 26/06/2008
Identifier: VIGILANCE-VUL-7911
IMPACTED PRODUCTS
– Linux kernel [confidential versions]
– Red Hat Enterprise Linux [confidential versions]
DESCRIPTION
The copy_user_generic() function copies data with exception
handling.
Its version for x86_64 processor, implemented in the
arch/x86_64/lib/copy_user.S file, does not reset the memory when
an exception occurs.
A local attacker can therefore throw an exception in order to
receive a fragment of kernel memory.
CHARACTERISTICS
Identifiers: 451271, BID-29943, CVE-2008-2729, RHSA-2008:0508-01,
RHSA-2008:0519-01, VIGILANCE-VUL-7911