Generation of Error Message Containing Sensitive Information in luigirizzo/netmap
Feb 3rd 2022
In the Netmap source code, calls to
DbgPrint(); can be found to contain a formatting argument (
%p to be specific) yet no argument, this would (in most cases) lead to nearby data being printed to the debug stream.
This vulnerability is capable of allowing an attacker to read data from kernel-space (albeit a very small amount and almost certainly at locations that the attacker cannot specify) which may contain sensitive information.