Re: rng_dev_read: Kernel memory exposure attempt detected from SLUB object 'kmalloc-64'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 10, 2018 at 10:02:38PM +0200, Ard Biesheuvel wrote:
> >> [146535.257274] tpm tpm0: A TPM error (379) occurred attempting get random
> >> [146535.257304] usercopy: Kernel memory exposure attempt detected from SLUB object 'kmalloc-64' (offset 0, size 379)!
> 
> The TPM return code '379' is returned from rng_get_data(), and
> interpreted as a byte count rather than an error code.

So there are two bugs here.  Once is in the TPM hw_random driver; it
shouldn't be returning the TPM error code.  The second is that
rng_dev_read() should be more suspicious and validate the number of
bytes returned from the low-level hw_random driver for sanity.

      	       	    		  	    - Ted



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux