CVE-2015-7884: Kernel Infoleak vulnerability in vivid_fb_ioctl()

by speiro - Oct 22, 2015 - CVE-2015-7884, security, kernel, infoleak

Summary

CVE: CVE-2015-7884
Author: Salva Peiró
Date: October 2015 (discovery of the vulnerability)
Impact: the vulnerability discloses 16 bytes of kernel process stack
Affected versions: from linux-3.17.0-rc1 to linux-4.3-rc6
Bug timespan: 1 year, from 2014 to 2015 (introduced in commit ad4e02d5081d9da38b5b91886e5fa71f0505d607)
Patch: fix commit eda98796aff0d9bf41094b06811f5def3b4c333c

Description

The vivid_fb_ioctl() code fails to initialize the 16 reserved bytes of struct fb_vblank that follow the ->hcount member. The fix adds an explicit memset(0) of the structure before filling it, so the uninitialized reserved bytes are not leaked.

The patch fixing the Infoleak

After verification the patch that fixes the vulnerability has been …

CVE-2015-7885: Kernel Infoleak vulnerability in dgnc_mgmt_ioctl()

by speiro - Oct 22, 2015 - CVE-2015-7885, security, kernel, infoleak

Summary

CVE: CVE-2015-7885
Author: Salva Peiró
Date: October 2015 (discovery of the vulnerability)
Impact: the vulnerability discloses 16 bytes of kernel process stack
Affected versions: from linux-3.11.0-rc3 to linux-4.3-rc6
Bug timespan: 2 years, from 2013 to 2015 (introduced in commit 0b99d58902dd82fa51216eb8e0d6ddd8c43e90e4)
Patch: fix commit 4b6184336ebb5c8dc1eae7f7ab46ee608a748b05

Description

The dgnc_mgmt_ioctl() code fails to initialize the 16 reserved bytes of struct digi_dinfo that follow the ->dinfo_nboards member. The fix adds an explicit memset(0) of the structure before filling it, so the uninitialized reserved bytes are not leaked.

The patch fixing the Infoleak

After verification the patch that fixes the vulnerability has been …

Infoleaks

by speiro - May 31, 2014 - infoleak, vulnerabilities
  • Detecting Stack based kernel Information leaks.
    S. Peiró, M. Muñoz, M. Masmano, and A. Crespo.
    Computational Intelligence in Security for Information Systems (CISIS14).
    Keywords: Security, Operating Systems, Information disclosure, Vulnerability, Static analysis.

    Abstract: The Linux kernel has become widely adopted in mobile devices and cloud services; in parallel, its abuse and misuse by attackers and malicious users has grown. This has increased the attention paid to kernel security through the deployment of kernel protection mechanisms. Kernel-based attacks require reliability, and that reliability is achieved through the information-gathering stage, where the attacker is able to gather enough information …

CVE-2014-1739: Kernel Infoleak vulnerability in media_enum_entities()

by speiro - Apr 28, 2014 - CVE-2014-1739, security, kernel, infoleak

Summary

CVE: CVE-2014-1739
Author: Salva Peiró
Date: April 2014 (discovery of the vulnerability)
Impact: the vulnerability discloses 200 bytes of kernel process stack
Affected versions: from linux-2.6.38 to linux-3.15-rc3
Bug timespan: 3 years, from 2011-03-23 to 2014-04-29 (introduced in commit 1651333b)

Description

During a code review of the kernel sources we found an infoleak vulnerability in the ioctl media_enum_entities() that discloses 200 bytes of the kernel process' stack. The vulnerability is exploitable on versions up to linux-3.15-rc3 by local users with read access to /dev/media0. Linux distributions ship with chmod …
