CVE-2014-8181
First published: Fri May 13 2016(Updated: )
In sg_io, blk_rq_map_user{,_iov} may allocate a set of bounce buffer pages to do the bio, if it finds the user buffer cannot be directly mapped. But the allocated pages are not cleared. If the bounce buffer is also not written to by device, garbage data is left, and copied back to user in blk_rq_unmap_user. The allocated pages should be cleared. This also eliminates the risk of leaking sensitive information to userspace, which may have a security impact. This flaw is specific to RHEL-7 and does not affect the current upstream kernel.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Mrg | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8181
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0