Linux kernel < 4.14.111 drivers/net/wan/lmc/lmc_main.c kernel address dumps to user space

[Fuqian Huang <huangfq.daxian () gmail com>]

In drivers/net/wan/lmc/lmc_main.c:510,
lmc_ioctl will dump the address of data to dmesg when xc.command is
lmc_xilinx_load, which allows local user to read the kernel address.

int lmc_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) /*fold00*/
{
    ...
    case lmc_xilinx_load: /*fold02*/
        ...
            printk("%s: Starting load of data Len: %d at 0x%p ==
0x%p\n", dev->name, xc.len, xc.data, data);
}