Generation of Error Message Containing Sensitive Information in luigirizzo/netmap


Reported on

Feb 3rd 2022


In the Netmap source code, calls to DbgPrint(); can be found to contain a formatting argument (%p to be specific) yet no argument, this would (in most cases) lead to nearby data being printed to the debug stream.


This vulnerability is capable of allowing an attacker to read data from kernel-space (albeit a very small amount and almost certainly at locations that the attacker cannot specify) which may contain sensitive information.


DbgPrint("unimplemented generic_timer_handler %p\n");

All of the other occurances of this issue follow a similar format.

We are processing your report and will contact the luigirizzo/netmap team within 24 hours. a year ago
We created a GitHub Issue asking the maintainers to create a a year ago
We have contacted a member of the luigirizzo/netmap team and are waiting to hear back a year ago
a year ago


I can confirm the bug, but the Windows port is currently unmaintained and very likely unused.

Michael Rowley submitted a
a year ago
Michael Rowley submitted a
a year ago
Michael Rowley submitted a
a year ago
Michael Rowley
a year ago


Thanks for confirming the bug, if the Windows port is less used then I doubt anyone would have been bothered to exploit this which is good! I have submitted a pull request from a fork that has the patch ( so if everything looks okay; could you validate this report and the fix?

Thanks, Michael

luigirizzo validated this vulnerability a year ago
Michael Rowley has been awarded the disclosure bounty
The fix bounty is now up for grabs
luigirizzo marked this as fixed in Rolling with commit df7abd a year ago
Michael Rowley has been awarded the fix bounty
This vulnerability will not receive a CVE
netmap_windows.c#L971 has been validated
netmap_windows.c#L993 has been validated
netmap_windows.c#L999 has been validated
netmap_windows.c#L983 has been validated
to join this conversation