** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1834364
Title:
[linux-azure] Potential Hyper-V infoleak in NVMe Direct
Status in linux-azure package in Ubuntu:
New
Bug description:
The standard Linux NVMe driver allocates a kernel memory buffer that
is passed to the NVMe controller, but the driver does not initialize
the memory buffer to zero or any other value. It invokes the NVMe
function, which, in a Hyper-V guest, may not fill the entire buffer.
The driver then copies the buffer, including potentially uninitialized
bytes, back to user space.
This has been fixed in Linux 4.20 with the following two patches (the
1st patch had a bug, so the 2nd patch fixed the 1st patch). The
commits appear to have been cc'd to upstream stable. However, since
this is a security issue, we wanted to get them pulled into the linux-
azure kernels.
f3587d76da05 ("block: Clear kernel memory before copying to user")
f55adad601c6 ("block/bio: Do not zero user pages")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1834364/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
