Bug 515486 (CVE-2014-0206)

Summary:	Kernel: aio: insufficient sanitization of head in aio_read_events_ring() (CVE-2014-0206)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2014-06-27 08:06:34 UTC

CVE-2014-0206 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0206):
  Array index error in the aio_read_events_ring function in fs/aio.c in the 
  Linux kernel through 3.15.1 allows local users to obtain sensitive information 
  from kernel memory via a large head value.

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2014-06-27 15:41:59 UTC

From https://bugzilla.redhat.com/show_bug.cgi?id=1094602: 

Proposed upstream patches:
  https://lkml.org/lkml/2014/6/24/619
  https://lkml.org/lkml/2014/6/24/623

Further cleanup for (at least) 3.10 branch at 
http://www.spinics.net/lists/stable/msg51486.html
http://www.spinics.net/lists/stable/msg51487.html

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2014-08-10 22:02:03 UTC

CVE-2014-0206 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0206):
  Array index error in the aio_read_events_ring function in fs/aio.c in the
  Linux kernel through 3.15.1 allows local users to obtain sensitive
  information from kernel memory via a large head value.

Comment 3 John Helmert III archtester

2022-03-25 22:16:25 UTC

Fix in 3.16, https://github.com/torvalds/linux/commit/edfbbf388f293d70bf4b7c0bc38774d05e6f711a