Fuqian Huang

Name of the Vulnerable Software and Affected Versions: Linux kernel version 4.14.90 Description: The issue concerns the `print binder ref olocked` function in the Linux kernel, which allows local users to obtain sensitive address information. This is achieved by reading specific lines in a debugfs file, namely "ref *desc *node" lines. Recommendations: For Linux kernel version 4.14.90, consider restricting access to the debugfs file to minimize the risk of exploitation. As a temporary workaround, limiting the ability of local users to read sensitive information from the debugfs file may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel version 4.14.90 Description: The issue allows local users to obtain sensitive address information by reading specific lines in a debugfs file. This is due to a problem in the print binder transaction ilocked function in drivers/android/binder.c. Recommendations: For Linux kernel version 4.14.90, consider restricting access to the debugfs file to minimize the risk of exploitation. As a temporary workaround, limiting read access to the debugfs file may help mitigate the issue until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel version 4.14.90 Description: The issue concerns the `hidma chan stats` function in the Linux kernel, which allows local users to obtain sensitive address information. This is achieved by reading `callback=` lines in a debugfs file. Recommendations: For Linux kernel version 4.14.90, consider restricting access to the debugfs file to minimize the risk of exploitation. As a temporary workaround, limiting the readability of the `callback=` lines may help mitigate the issue until a patch is available.