• CENTRE D’URGENCE | 24/7
  • Vous êtes victime d’une cyberattaque ?
  • Contactez notre centre d’urgence cyber :
  • +33 (0)1 83 07 00 06

Linux Kernel 3.9.5 information leak in cdrom driver

Linux Kernel contains a flaw in the _mmc_ioctl_cdrom_read_data()_ function in _drivers/cdrom/cdrom.c_ that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when reading a block from the user's system, which can result in the associated buffer not being completely filled. This may allow a local attacker to gain access to arbitrary information stored within the kernel memory.

juillet 5, 2013

Description

Linux Kernel contains a flaw in the mmc_ioctl_cdrom_read_data() function in drivers/cdrom/cdrom.c that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when reading a block from the user’s system, which can result in the associated buffer not being completely filled. This may allow a local attacker to gain access to arbitrary information stored within the kernel memory.

Classification

Location: Local Access Required
Attack Type: Information Disclosure, Input Manipulation
Version: Kernel 3.9.5
Impact: Loss of Confidentiality
Solution: Patch / RCS
Disclosure: Vendor Verified

References

CVE ID: CVE-2013-2164
Mail List Post: http://seclists.org/oss-sec/2013/q2/500
Commit patch: 050e4b8fb7cdd7096c987a9cd556029c622c7fe2
Credit: Jonathan Salwan (Sysdream Security Lab)