CVE-2013-6392
CVSS 4.9
Published: 2013-11-29 21:55:04
Revised: 2014-03-05 13:29:07

[Original] The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call.


[CNNVD] Android for MSM Project local information disclosure vulnerability (CNNVD-201311-453)

Android for MSM is an Android project for MSM whose main purpose is to build an Android platform that includes Qualcomm MSM chipsets. Linux kernel is the kernel used by the Linux operating system released by the Linux Foundation of the United States.
An information disclosure vulnerability exists in the 'genlock_dev_ioctl' function in the genlock.c file of the Genlock driver in Linux kernel 3.x as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products. The vulnerability stems from the program not properly initializing all member variables of a structure. A local attacker can exploit this vulnerability via the GENLOCK_IOC_EXPORT ioctl system call to obtain sensitive information.

- CVSS (base score)

CVSS score: 4.9 [Medium (MEDIUM)]
Confidentiality impact: COMPLETE [complete information disclosure exposing all system files]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication required for exploitation]

- CWE (weakness category)

CWE-399 [Resource Management Errors]

- CPE (affected platforms and products)

cpe:/o:codeaurora:android-msm:3.4.79
cpe:/o:codeaurora:android-msm:3.10.25
cpe:/o:codeaurora:android-msm:3.13
cpe:/o:codeaurora:android-msm:3.4.78
cpe:/o:codeaurora:android-msm:3.10.24
cpe:/o:codeaurora:android-msm:3.4.73
cpe:/o:codeaurora:android-msm:3.4.72
cpe:/o:codeaurora:android-msm:3.4.75
cpe:/o:codeaurora:android-msm:3.4.74
cpe:/o:codeaurora:android-msm:3.4.77
cpe:/o:codeaurora:android-msm:3.10.23
cpe:/o:codeaurora:android-msm:3.4.76
cpe:/o:codeaurora:android-msm:3.10.22
cpe:/o:codeaurora:android-msm:3.12.5
cpe:/o:codeaurora:android-msm:3.14:rc2
cpe:/o:codeaurora:android-msm:3.12.4
cpe:/o:codeaurora:android-msm:3.12.7
cpe:/o:codeaurora:android-msm:3.12.6
cpe:/o:codeaurora:android-msm:3.12.3
cpe:/o:codeaurora:android-msm:3.13.2
cpe:/o:codeaurora:android-msm:3.13:rc6
cpe:/o:codeaurora:android-msm:3.13.1
cpe:/o:codeaurora:android-msm:3.13:rc5
cpe:/o:codeaurora:android-msm:3.13:rc8
cpe:/o:codeaurora:android-msm:3.13:rc7
cpe:/o:codeaurora:android-msm:3.12.9
cpe:/o:codeaurora:android-msm:3.13:rc2
cpe:/o:codeaurora:android-msm:3.12.8
cpe:/o:codeaurora:android-msm:3.13:rc1
cpe:/o:codeaurora:android-msm:3.14:rc1
cpe:/o:codeaurora:android-msm:3.13:rc4
cpe:/o:codeaurora:android-msm:3.13:rc3
cpe:/o:codeaurora:android-msm:3.10.26
cpe:/o:codeaurora:android-msm:3.10.27
cpe:/o:codeaurora:android-msm:3.12.10
cpe:/o:codeaurora:android-msm:3.2.54
cpe:/o:codeaurora:android-msm:3.10.28
cpe:/o:codeaurora:android-msm:3.10.29

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6392
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6392
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201311-453
(official data source) CNNVD

- Other links and resources

https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3
(PATCH)  CONFIRM  https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3
http://openwall.com/lists/oss-security/2013/11/25/4
(UNKNOWN)  MLIST  [oss-security] 20131125 Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c

- Vulnerability information

Android for MSM Project local information disclosure vulnerability
Medium risk  Information disclosure
2013-12-06 00:00:00 2013-12-06 00:00:00
Local

- Advisories and patches

The vendor has released an upgrade patch to fix this security issue; the patch can be obtained at:
        https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3

- Vulnerability information (F124180)

Kernel MSM Memory Leak (PacketStormID:F124180)
2013-11-26 00:00:00
Jonathan Salwan  
advisory,kernel,memory leak
CVE-2013-6392

Kernel MSM versions prior to 3.10 suffer from a memory leak in the Genlock driver.

Description
-----------

The Genlock driver does not properly initialize all members of a structure
before copying it to user space. This allows a local attacker to obtain
potentially sensitive information from kernel stack memory via ioctl system
calls.

Classification
--------------

Location: Local Access Required
Attack Type: Information Disclosure, Input Manipulation
Version: Kernel MSM < 3.10
Impact: Loss of Confidentiality
Solution: Patch / RCS
Disclosure: Vendor Verified
CVE ID: CVE-2013-6392
CWE ID: CWE-200

References
----------

Credit: Jonathan Salwan
Mail List Post: http://seclists.org/oss-sec/2013/q4/334
Commit patch: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625

- Vulnerability information

100299
Code Aurora Android for MSM drivers/base/genlock.c genlock_dev_ioctl Function Local Kernel Memory Disclosure
Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Unknown
Disclosure: Vendor Verified

- Vulnerability description

Code Aurora Android for MSM contains an uninitialized variable flaw in the genlock_dev_ioctl() function in drivers/base/genlock.c. The issue is triggered as all members of a structure are not properly initialized before being copied to user space. This may allow a local attacker to gain access to potentially sensitive kernel memory.
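The PacketStorm description earlier on this page and the description just above name the same defect class: a structure assembled on the kernel stack, only partly assigned by the handler, then copied to user space with its padding and unassigned members still holding whatever the stack held. The C program below is an added example written for this page; it is not code from the genlock driver, from the fixing commit, or from the advisory's author. `struct export_args`, its member names and the values assigned to it are constructed for illustration, the poisoned buffer stands in for stale kernel stack contents, and `memcpy` stands in for `copy_to_user`. It counts how many stale bytes reach the "user" copy with the vulnerable fill routine and with the hardened one that clears the whole object first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an ioctl result structure. The member names and
 * layout are assumptions for this example, not the genlock driver's real
 * struct; what matters is that the compiler inserts padding and that one
 * member is never written by the handler. */
struct export_args {
    uint8_t  flags;     /* written by the handler */
                        /* 3 bytes of padding typically follow here */
    uint32_t fd;        /* written by the handler */
    uint8_t  type;      /* written by the handler */
                        /* 7 bytes of padding typically follow here */
    uint64_t reserved;  /* never written: keeps whatever the stack held */
};

/* Number of bytes the handler explicitly assigns (flags + fd + type). */
#define WRITTEN_BYTES (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint8_t))

/* Byte value used to stand in for stale data left behind on the stack. */
#define STALE_BYTE 0xAA

/* Vulnerable pattern: only some members are assigned; padding bytes and
 * `reserved` are never cleared, so they still hold stale stack contents. */
static void fill_args_vulnerable(struct export_args *out)
{
    out->flags = 1;
    out->fd = 7;
    out->type = 2;
}

/* Hardened pattern (the shape of the usual fix): clear the whole object,
 * padding included, before assigning members, so nothing stale survives
 * into the copy to user space. */
static void fill_args_fixed(struct export_args *out)
{
    memset(out, 0, sizeof(*out));
    out->flags = 1;
    out->fd = 7;
    out->type = 2;
}

/* Simulates the ioctl path: poison the stack slot the way leftover data
 * would, run the handler, then "copy_to_user" by memcpy into a user buffer.
 * Returns the number of bytes in the user copy that still carry the stale
 * pattern, i.e. the bytes that leaked. */
static size_t leaked_bytes(void (*fill)(struct export_args *))
{
    struct export_args args;
    unsigned char user_copy[sizeof args];
    size_t leaked = 0;

    memset(&args, STALE_BYTE, sizeof args); /* stand-in for stale stack */
    fill(&args);
    memcpy(user_copy, &args, sizeof args);  /* stand-in for copy_to_user */

    for (size_t i = 0; i < sizeof user_copy; i++)
        if (user_copy[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

size_t leaked_bytes_vulnerable(void) { return leaked_bytes(fill_args_vulnerable); }
size_t leaked_bytes_fixed(void)      { return leaked_bytes(fill_args_fixed); }

int main(void)
{
    printf("struct size: %zu bytes, explicitly written: %zu bytes\n",
           sizeof(struct export_args), (size_t)WRITTEN_BYTES);
    printf("vulnerable handler leaks %zu bytes to user space\n",
           leaked_bytes_vulnerable());
    printf("fixed handler leaks %zu bytes to user space\n",
           leaked_bytes_fixed());
    return 0;
}
```

The vulnerable routine leaks every byte the handler did not write, which is the padding plus the untouched `reserved` member, while the cleared version leaks none. The same review check applies to real ioctl handlers: a stack-allocated structure handed to `copy_to_user` should be preceded by a `memset` of the whole object, since assigning members individually (and even designated initializers) does not guarantee that compiler-inserted padding is cleared. Note also that the advisory's "memory leak" wording refers to this kernel memory disclosure, not to an allocation that is never freed.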

- Timeline

2013-10-25 Unknown
Unknown 2013-10-25

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository (e.g. GIT, CVS, SVN) that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor links in the references section for more information.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux Kernel 'genlock_dev_ioctl()' Function Memory Leak Local Information Disclosure Vulnerability
Class: Design Error
Bugtraq ID: 63909
Remote: No
Local: Yes
Published: 2013-11-25 12:00:00
Updated: 2013-11-26 07:26:00
Credit: Jonathan Salwan

- Affected program versions

Linux kernel 3.3.5
Linux kernel 3.3.4
Linux kernel 3.3.2
Linux kernel 3.2.13
Linux kernel 3.2.9
Linux kernel 3.2.1
Linux kernel 3.1.8
Linux kernel 3.0.5
Linux kernel 3.0.4
Linux kernel 3.0.2
Linux kernel 3.0.1
Linux kernel 2.6.39
Linux kernel 2.6.38
Linux kernel 2.6.37
Linux kernel 2.6.36
Linux kernel 2.6.35
Linux kernel 2.6.34
Linux kernel 2.6.33
Linux kernel 2.6.32
Linux kernel 2.6.31
Linux kernel 2.6.30
Linux kernel 2.6.28
Linux kernel 2.6.27
Linux kernel 2.6.26
Linux kernel 2.6.25
Linux kernel 2.6.24
Linux kernel 2.6.23
Linux kernel 2.6.22
Linux kernel 2.6.21
Linux kernel 2.6.19
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.17
Linux kernel 2.6.16
Linux kernel 2.6.15
Linux kernel 2.6.14
Linux kernel 2.6.13
Linux kernel 2.6.12
Linux kernel 2.6.11
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8
Linux kernel 2.6.7
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 3.2.2
Linux kernel 3.0.18
Linux kernel 3.0-rc4-git1
Linux kernel 3.0-rc1
Linux kernel 3.0
Linux kernel 2.6.38.6
Linux kernel 2.6.38.4
Linux kernel 2.6.38.3
Linux kernel 2.6.38.2
Linux kernel 2.6.37.2
Linux kernel 2.6.35.5
Linux kernel 2.6.35.4
Linux kernel 2.6.35.13
Linux kernel 2.6.35.1
Linux kernel 2.6.34.3
Linux kernel 2.6.34.2
Linux kernel 2.6.34.1
Linux kernel 2.6.33.7
Linux kernel 2.6.32.8
Linux kernel 2.6.32.7
Linux kernel 2.6.32.6
Linux kernel 2.6.32.5
Linux kernel 2.6.32.4
Linux kernel 2.6.32.3
Linux kernel 2.6.32.28
Linux kernel 2.6.32.22
Linux kernel 2.6.32.2
Linux kernel 2.6.32.18
Linux kernel 2.6.32.17
Linux kernel 2.6.32.16
Linux kernel 2.6.32.15
Linux kernel 2.6.32.14
Linux kernel 2.6.32.13
Linux kernel 2.6.32.12
Linux kernel 2.6.32.11
Linux kernel 2.6.32.10
Linux kernel 2.6.32.1
Linux kernel 2.6.31.6
Linux kernel 2.6.27.54
Linux kernel 2.6.27.51
Linux kernel 2.6.27.49
Linux kernel 2.6.26.1
Linux kernel 2.6.25.4
Linux kernel 2.6.25.3
Linux kernel 2.6.25.2
Linux kernel 2.6.25.1
Linux kernel 2.6.24.6
Linux kernel 2.6.24.4
Linux kernel 2.6.24.3
Linux kernel 2.6.23.14
Linux kernel 2.6.23.10
Linux kernel 2.6.23.1
Linux kernel 2.6.20.3
Linux kernel 2.6.20.2
Linux kernel 2.6.20.13
Linux kernel 2.6.20.11
Linux kernel 2.6.16.9
Linux kernel 2.6.16.7
Linux kernel 2.6.16.19
Linux kernel 2.6.16.13
Linux kernel 2.6.16.12
Linux kernel 2.6.16.11
Linux kernel 2.6.15.5
Linux kernel 2.6.15.4
Linux kernel 2.6.14.3
Linux kernel 2.6.14.2
Linux kernel 2.6.14.1
Linux kernel 2.6.13.4
Linux kernel 2.6.13.3
Linux kernel 2.6.13.2
Linux kernel 2.6.13.1
Linux kernel 2.6.12.6
Linux kernel 2.6.12.5
Linux kernel 2.6.12.4
Linux kernel 2.6.12.3
Linux kernel 2.6.12.2
Linux kernel 2.6.12.1
Linux kernel 2.6.11.8
Linux kernel 2.6.11.7
Linux kernel 2.6.11.6
Linux kernel 2.6.11.5
Linux kernel 2.6.11.4
Linux kernel 2.6.0

- Vulnerability discussion

Linux Kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to cause a memory leak to obtain sensitive information that may lead to further attacks.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- Related references