Information Leak in Linux Kernel Affects Habanalabs Driver
CVE-2023-50431
5.5 MEDIUM
Summary
A vulnerability in the Linux kernel's Habanalabs driver leaks sensitive information to user space through uninitialized padding in a data structure. The flaw is in the sec_attest_info function in habanalabs_ioctl.c: info->pad0 is never initialized, so the field reaches user space carrying whatever the memory previously held. The exposed system information could be exploited by malicious users to gain unauthorized access or insight into the kernel's internal operations, which highlights the need for proper input validation and initialization in critical system components.
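The leak pattern described above, modeled in user space as an added example (not the driver's code). The struct layout, field values and function names are hypothetical and only the pad0 name comes from the advisory; memcpy() stands in for copy_to_user() and a poisoned static object stands in for a recycled kernel allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout; only the pad0 name comes from the advisory. */
struct attest_reply {
    uint32_t nonce;
    uint16_t pcr_count;
    uint8_t  pad0[2];   /* reserved bytes the handler never writes */
    uint8_t  quote[8];
};

#define STALE 0xA5                 /* constructed marker for leftover heap data */
static struct attest_reply slot;   /* models a recycled kernel allocation */

/* zero_first = 0: vulnerable pattern (non-zeroing allocation).
 * zero_first = 1: hardened pattern (kzalloc()/memset() before use). */
void build_reply(unsigned char *user_buf, int zero_first)
{
    memset(&slot, STALE, sizeof slot);      /* old contents still in memory */
    if (zero_first)
        memset(&slot, 0, sizeof slot);
    slot.nonce = 0x11223344;                /* every field except pad0 is set */
    slot.pcr_count = 4;
    memset(slot.quote, 0x42, sizeof slot.quote);
    memcpy(user_buf, &slot, sizeof slot);   /* stands in for copy_to_user() */
}

/* Count non-zero bytes in the pad0 region of what the caller received. */
int stale_pad_bytes(const unsigned char *user_buf)
{
    int n = 0;
    for (size_t i = 0; i < sizeof slot.pad0; i++)
        n += user_buf[offsetof(struct attest_reply, pad0) + i] != 0;
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct attest_reply)];
    build_reply(out, 0);
    printf("kmalloc-style: %d stale pad bytes\n", stale_pad_bytes(out));
    build_reply(out, 1);
    printf("kzalloc-style: %d stale pad bytes\n", stale_pad_bytes(out));
    return 0;
}
```

Copying the whole structure out is what turns one unassigned field into a leak, which is why zeroing the object at allocation is a sturdier habit than remembering each reserved field.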
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved