[trusty/linux artful/linux] CVE-2018-5750 -- raw pointer in diagnostics


[trusty/linux artful/linux] CVE-2018-5750 -- raw pointer in diagnostics

Andy Whitcroft-3
CVE-2018-5750:
        Wang Qize discovered that an information disclosure vulnerability
        existed in the SMBus driver for ACPI Embedded Controllers in the
        Linux kernel. A local attacker could use this to expose sensitive
        information (kernel pointer addresses).

Cherrypicked this simple fix back to artful and trusty.  Other series
have this via stable and upstream.

Proposing for SRU to trusty and artful.

-apw

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

[artful/linux trusty/linux 1/1] ACPI: sbshc: remove raw pointer from printk() message

Andy Whitcroft-3
From: Greg Kroah-Hartman <[hidden email]>

There's no need to be printing a raw kernel pointer to the kernel log at
every boot.  So just remove it, and change the whole message to use the
correct dev_info() call at the same time.

Reported-by: Wang Qize <[hidden email]>
Cc: All applicable <[hidden email]>
Signed-off-by: Greg Kroah-Hartman <[hidden email]>
Signed-off-by: Rafael J. Wysocki <[hidden email]>

(cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6)
CVE-2018-5750
Signed-off-by: Andy Whitcroft <[hidden email]>
---
 drivers/acpi/sbshc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/acpi/sbshc.c b/drivers/acpi/sbshc.c
index 2fa8304171e0..7a3431018e0a 100644
--- a/drivers/acpi/sbshc.c
+++ b/drivers/acpi/sbshc.c
@@ -275,8 +275,8 @@ static int acpi_smbus_hc_add(struct acpi_device *device)
  device->driver_data = hc;
 
  acpi_ec_add_query_handler(hc->ec, hc->query_bit, NULL, smbus_alarm, hc);
- printk(KERN_INFO PREFIX "SBS HC: EC = 0x%p, offset = 0x%0x, query_bit = 0x%0x\n",
- hc->ec, hc->offset, hc->query_bit);
+ dev_info(&device->dev, "SBS HC: offset = 0x%0x, query_bit = 0x%0x\n",
+ hc->offset, hc->query_bit);
 
  return 0;
 }
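
Review bot: the 0x%0x conversions carried over into the new dev_info() format string have a 0 flag but no field width, so they print exactly like %x. If zero-padded output was intended for offset and query_bit, give them a width (for example 0x%02x); if not, plain 0x%x says the same thing. Leaving it as-is keeps the cherry-pick identical to upstream, which is a reasonable choice for an SRU, but it is the one thing in the rewritten line that still looks unintended.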
--
2.17.0



ACK: [artful/linux trusty/linux 1/1] ACPI: sbshc: remove raw pointer from printk() message

Colin King
On 29/05/18 15:45, Andy Whitcroft wrote:

> From: Greg Kroah-Hartman <[hidden email]>
>
> There's no need to be printing a raw kernel pointer to the kernel log at
> every boot.  So just remove it, and change the whole message to use the
> correct dev_info() call at the same time.
>
> Reported-by: Wang Qize <[hidden email]>
> Cc: All applicable <[hidden email]>
> Signed-off-by: Greg Kroah-Hartman <[hidden email]>
> Signed-off-by: Rafael J. Wysocki <[hidden email]>
>
> (cherry picked from commit 43cdd1b716b26f6af16da4e145b6578f98798bf6)
> CVE-2018-5750
> Signed-off-by: Andy Whitcroft <[hidden email]>
> ---
>  drivers/acpi/sbshc.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/acpi/sbshc.c b/drivers/acpi/sbshc.c
> index 2fa8304171e0..7a3431018e0a 100644
> --- a/drivers/acpi/sbshc.c
> +++ b/drivers/acpi/sbshc.c
> @@ -275,8 +275,8 @@ static int acpi_smbus_hc_add(struct acpi_device *device)
>   device->driver_data = hc;
>  
>   acpi_ec_add_query_handler(hc->ec, hc->query_bit, NULL, smbus_alarm, hc);
> - printk(KERN_INFO PREFIX "SBS HC: EC = 0x%p, offset = 0x%0x, query_bit = 0x%0x\n",
> - hc->ec, hc->offset, hc->query_bit);
> + dev_info(&device->dev, "SBS HC: offset = 0x%0x, query_bit = 0x%0x\n",
> + hc->offset, hc->query_bit);
>  
>   return 0;
>  }
>
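
Review bot: replacing printk(KERN_INFO PREFIX ...) with dev_info(&device->dev, ...) in acpi_smbus_hc_add() changes the prefix of the log line as well as dropping the EC field, so anything that matched the old "SBS HC: EC = ..." text in the kernel log will no longer match once this lands. The commit message mentions the dev_info() conversion but not the changed message text; a line in the SRU justification would cover it. The hc->ec argument is removed together with its 0x%p conversion, so the format string and argument list stay in step.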

Clean cherry-pick, straightforward fix.

Acked-by: Colin Ian King <[hidden email]>


ACK: [artful/linux trusty/linux 1/1] ACPI: sbshc: remove raw pointer from printk() message

Thadeu Lima de Souza Cascardo-3
In reply to this post by Andy Whitcroft-3
Acked-by: Thadeu Lima de Souza Cascardo <[hidden email]>


[APPLIED] [trusty/linux artful/linux] CVE-2018-5750 -- raw pointer in diagnostics

Andy Whitcroft-3
In reply to this post by Andy Whitcroft-3
Applied to trusty/linux and artful/linux.

-apw
