Opened 8 years ago
Last modified 7 years ago
#15167 closed task
Kernel Address Info Leak — at Version 1
Reported by: | wcrobert | Owned by: | |
---|---|---|---|
Component: | other | Version: | VirtualBox 5.0.14 |
Keywords: | info leak | Cc: | |
Guest type: | other | Host type: | Linux |
Description (last modified by )
I reported this via secalert_us@… and was told to resubmit here:
vbox kernel module seems to printk kernel addresses that get picked up by syslog. This information could be used by someone who has gained uid/gid syslog adm (On Ubuntu) to successfully chain an attack to kernel data structures (thus defeating ASLR). Information from /proc/modules is sanitized for non-root users.
The requested fix is to stop printing out kernel addresses.
Host $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.4 LTS Release: 14.04 Codename: trusty
$uname -a Linux wcrobert-MOBL1 3.19.0-18-generic #18~14.04.1-Ubuntu SMP Wed May 20 09:38:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
VBox Version: Version 5.0.14 r105127
What I found in syslog:
Feb 11 11:27:57 wcrobert-MOBL1 kernel: [ 5.881847] vboxdrv: Found 4 processor cores Feb 11 11:27:57 wcrobert-MOBL1 kernel: [ 5.901307] vboxdrv: TSC mode is Invariant, tentative frequency 2593993759 Hz Feb 11 11:27:57 wcrobert-MOBL1 kernel: [ 5.901310] vboxdrv: Successfully loaded version 5.0.14 (interface 0x00240000) Feb 11 11:27:57 wcrobert-MOBL1 kernel: [ 6.112417] vboxpci: IOMMU not found (not registered) Feb 11 12:16:23 wcrobert-MOBL1 kernel: [ 2913.482380] vboxdrv: ffffffffc0000020 VMMR0.r0 Feb 11 12:16:23 wcrobert-MOBL1 kernel: [ 2913.571393] vboxdrv: ffffffffc00fa020 VBoxDDR0.r0 Feb 11 12:16:23 wcrobert-MOBL1 kernel: [ 2913.572892] vboxdrv: ffffffffc0119020 VBoxDD2R0.r0 Feb 11 12:16:23 wcrobert-MOBL1 kernel: [ 2913.606759] vboxdrv: ffffffffc011d020 VBoxEhciR0.r0