A Linux kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE is vulnerable to information disclosure. An out-of-bounds access in the show_timer function of the POSIX timer implementation in kernel/time/posix-timers.c allows userspace applications to read arbitrary kernel memory containing confidential information. The root cause is improper validation of the sigevent->sigev_notify field by the timer_create syscall implementation: the unvalidated value is stored with the timer and later used by show_timer when /proc/$PID/timers is read.
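The validation gap described above, as an added user-space illustration (this is not the kernel's code and not taken from the linked fix commit): a string table shaped like the one show_timer indexes, a lax creation-time check modelled on the pre-fix logic (the thread-id task lookup is omitted), a strict whitelist check in the style of the fix, and a formatter that bounds-checks before indexing so a bad stored value can never turn into an out-of-bounds read. The SIGEV_* values are reproduced from Linux's ABI so the file builds stand-alone; SIGRTMAX_MODEL is an assumed constant, not a kernel symbol.

```c
/*
 * Added illustration of the sigev_notify validation gap.
 * NOT the kernel's code: models the pattern in user space.
 * SIGEV_* values mirror Linux's ABI (reproduced so the file builds
 * stand-alone); SIGRTMAX_MODEL is an assumed upper bound.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIGEV_SIGNAL    0
#define SIGEV_NONE      1
#define SIGEV_THREAD    2
#define SIGEV_THREAD_ID 4
#define SIGRTMAX_MODEL  64   /* modelled maximum signal number */

/* Table indexed by sigev_notify with the SIGEV_THREAD_ID bit masked off,
 * the same shape the timer listing uses to print "notify: <kind>/...". */
static const char * const nstr[] = {
    [SIGEV_SIGNAL] = "signal",
    [SIGEV_NONE]   = "none",
    [SIGEV_THREAD] = "thread",
};
#define NSTR_LEN (sizeof(nstr) / sizeof(nstr[0]))

/* Pre-fix style check (modelled): only rejects bad THREAD_ID combinations
 * and bad signal numbers. Any other notify value, e.g. 0x1000, passes and
 * would later be used as a table index. */
bool notify_ok_lax(int notify, int signo)
{
    if ((notify & SIGEV_THREAD_ID) &&
        (notify & ~SIGEV_THREAD_ID) != SIGEV_SIGNAL)
        return false;
    if ((notify & ~SIGEV_THREAD_ID) != SIGEV_NONE &&
        (signo <= 0 || signo > SIGRTMAX_MODEL))
        return false;
    return true;
}

/* Fixed style check: whitelist exactly the values the table can index. */
bool notify_ok_strict(int notify, int signo)
{
    switch (notify) {
    case SIGEV_SIGNAL | SIGEV_THREAD_ID:
    case SIGEV_SIGNAL:
    case SIGEV_THREAD:
        return signo > 0 && signo <= SIGRTMAX_MODEL;
    case SIGEV_NONE:
        return true;
    default:
        return false;
    }
}

/* Defensive formatter: bounds-check before indexing, even if creation-time
 * validation is believed to be correct (defence in depth). */
const char *describe_notify(int notify)
{
    unsigned idx = (unsigned)(notify & ~SIGEV_THREAD_ID);
    if (idx >= NSTR_LEN)
        return "invalid";
    return nstr[idx];
}

int main(void)
{
    /* Constructed probe values, including one that is out of range. */
    int probe[] = { SIGEV_SIGNAL, SIGEV_NONE, SIGEV_THREAD,
                    SIGEV_SIGNAL | SIGEV_THREAD_ID, 0x1000 };
    for (size_t i = 0; i < sizeof(probe) / sizeof(probe[0]); i++) {
        int n = probe[i];
        printf("notify=0x%x lax=%d strict=%d -> %s/%s\n", n,
               notify_ok_lax(n, 10), notify_ok_strict(n, 10),
               describe_notify(n),
               (n & SIGEV_THREAD_ID) ? "tid" : "pid");
    }
    return 0;
}
```

The point the probe loop makes is that the lax check and the formatter disagree about what is valid; the fix closes that gap at creation time, and the bounds check in the formatter is the independent safeguard a reviewer would want on any table lookup driven by a stored userspace-controlled field.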
www.securityfocus.com/bid/104909
www.securitytracker.com/id/1041414
access.redhat.com/articles/3553061
access.redhat.com/articles/3674801
access.redhat.com/errata/RHSA-2018:2948
access.redhat.com/errata/RHSA-2018:3083
access.redhat.com/errata/RHSA-2018:3096
access.redhat.com/errata/RHSA-2018:3459
access.redhat.com/errata/RHSA-2018:3540
access.redhat.com/errata/RHSA-2018:3586
access.redhat.com/errata/RHSA-2018:3590
access.redhat.com/errata/RHSA-2018:3591
access.redhat.com/security/updates/classification/#important
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe
usn.ubuntu.com/3742-1/
usn.ubuntu.com/3742-2/
www.exploit-db.com/exploits/45175/