SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux md Driver Initialization Flaw Lets Local Users View Portions of System Memory on the Target System
SecurityTracker Alert ID:  1033211
SecurityTracker URL:  http://securitytracker.com/id/1033211
CVE Reference:   CVE-2015-5697   (Links to External Site)
Date:  Aug 7 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Linux kernel. A local user can obtain potentially sensitive information from system memory.

When a bitmap file is requested for a device via get_bitmap_file() and bitmap is disabled, the system does not properly initialize the requested buffer. A local user can exploit this flaw in the md driver to read up to 4095 bytes of kernel memory.

Impact:   A local user can obtain potentially sensitive information from uninitialized memory on the target system.
Solution:   The vendor has issued a source code fix, available at:

http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 7 2015 (Oracle Issues Fix for Oracle Linux) Linux md Driver Initialization Flaw Lets Local Users View Portions of System Memory on the Target System
Oracle has issued a fix for Oracle Linux 5 and 6 (Unbreakable).
Aug 7 2015 (Oracle Issues Fix for Oracle Linux) Linux md Driver Initialization Flaw Lets Local Users View Portions of System Memory on the Target System
Oracle has issued a fix for Oracle Linux 5, 6, and 7.
Sep 29 2015 (Ubuntu Issues Fix) Linux md Driver Initialization Flaw Lets Local Users View Portions of System Memory on the Target System
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS.
Sep 30 2015 (Ubuntu Issues Fix) Linux md Driver Initialization Flaw Lets Local Users View Portions of System Memory on the Target System
Ubuntu has issued a fix for Ubuntu Linux 15.04.
Nov 13 2015 (Oracle Issues Fix for Oracle Linux) Linux md Driver Initialization Flaw Lets Local Users View Portions of System Memory on the Target System
Oracle has issued a fix for Oracle Linux 6 and 7.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC