Bugzilla – Bug 980851
VUL-1: CVE-2014-8181: kernel: In sg_io, blk_rq_map_user{,_iov} may allocate a set of bounce bufferpages to do the bio, if it find...
Last modified: 2016-05-20 09:33:17 UTC
CVE-2014-8181 Priority Low Description In sg_io, blk_rq_map_user{,_iov} may allocate a set of bounce buffer pages to do the bio, if it finds the user buffer cannot be directly mapped. But the allocated pages are not cleared. If the bounce buffer is also not written to by device, garbage data is left, and copied back to user in blk_rq_unmap_user. The allocated pages should be cleared. This also eliminates the risk of leaking sensitive information to userspace, which may have a security impact. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8181 Bugs https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8181 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8181 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8181.html
This bug was opened for reference only as mentioned inside the RedHat bug. "This flaw is specific to RHEL-7 and does not affect the current upstream kernel."