oss-sec mailing list archives
CVE-2018-1118 linux kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
From: Wade Mealing <wmealing () redhat com>
Date: Wed, 9 May 2018 15:20:03 +1000
Gday,

A flaw was found in the vhost_new_msg() function which does not properly initialize memory in messages passed between virtual guests and the host operating system. This can allow local privileged users to read previously set kernel memory contents when reading from the /dev/vhost-net device file.

This would be classified as an information leak that could be used to defeat other protection mechanisms.

As far as I can tell this information doesn't flow to guests, only to the parent system which is hosting the virtual machines.

Upstream post:
https://lkml.org/lkml/2018/4/27/833

https://bugzilla.redhat.com/show_bug.cgi?id=1573699

Thanks

--
Wade Mealing
Product Security - Kernel, RHCE
Red Hat
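The bug class described in the message above, shown as an added userspace example that is not part of the original post and is not the kernel's code: a message object built in recycled memory is copied out whole, so any field or padding byte the builder never wrote carries old contents to the reader. The struct layout, the names demo_msg, new_msg and leaked_bytes, and the 0xAA stale marker are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker for leftover bytes from a prior use */

/* Hypothetical message layout, not the kernel's struct. */
struct demo_msg {
    uint32_t type;
    uint64_t addr;      /* compilers may insert padding before this field */
    uint8_t  perm;
    uint32_t reserved;  /* never written by the builder below */
};

/* Stands in for a recycled allocation that still holds old contents. */
static struct demo_msg slot;

static struct demo_msg *new_msg(uint32_t type, int zero_first)
{
    memset(&slot, STALE, sizeof slot);      /* simulate stale memory */
    if (zero_first)
        memset(&slot, 0, sizeof slot);      /* hardened: clear fields and padding */
    slot.type = type;
    return &slot;
}

/* Fill the fields the sender cares about, copy the whole struct out as a
 * read() on the device would, and count stale bytes that reached the reader. */
static size_t leaked_bytes(int zero_first)
{
    struct demo_msg *m = new_msg(1, zero_first);
    unsigned char out[sizeof *m];
    size_t i, n = 0;

    m->addr = 0x1000;
    m->perm = 3;
    memcpy(out, m, sizeof out);
    for (i = 0; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes\n", leaked_bytes(0));
    printf("with zeroing:    %zu stale bytes\n", leaked_bytes(1));
    return 0;
}
```

Zeroing the whole object before setting individual fields covers both unset members and compiler-inserted padding, which field-by-field assignment alone cannot reach.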