
Re: CVE-2018-20509



Hi Fuqian Huang,

On Sat, Apr 13, 2019 at 12:02:12PM +0800, Fuqian Huang wrote:
> > [Suggested description]
> > The print_binder_ref_olocked function in drivers/android/binder.c in
> > the Linux kernel 4.14.90 allows local users to obtain sensitive address
> > information by reading " ref *desc *node" lines in a debugfs file.
> >
> > ------------------------------------------
> >
> > [VulnerabilityType Other]
> > CWE-200
> >
> > ------------------------------------------
> >
> > [Vendor of Product]
> > Debian GNU/Linux
> >
> > ------------------------------------------
> >
> > [Affected Product Code Base]
> > Linux - 4.14.90
> >
> > ------------------------------------------
> >
> > [Attack Type]
> > Local
> >
> > ------------------------------------------
> >
> > [Impact Information Disclosure]
> > true
> >
> > ------------------------------------------
> >
> > [Discoverer]
> > Fuqian Huang
> >
> > ------------------------------------------
> >
> > [Reference]
> > https://elixir.bootlin.com/linux/v4.14.90/source/drivers/android/binder.c

Please report your findings to upstream.

Please keep in mind that the debian-security-tracker mailing list is
furthermore specific for discussions and bugs regarding the Debian
security tracker.

Regards,
Salvatore

