Generation of Error Message Containing Sensitive Information in luigirizzo/netmap
Feb 3rd 2022
In the Netmap source code, calls to DbgPrint() can be found that contain a formatting argument (%p to be specific) yet no corresponding argument; this would (in most cases) lead to nearby data being printed to the debug stream.
This vulnerability is capable of allowing an attacker to read data from kernel-space (albeit a very small amount and almost certainly at locations that the attacker cannot specify) which may contain sensitive information.
DbgPrint("unimplemented generic_timer_handler %p\n");
All of the other occurrences of this issue follow a similar format.
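The defect is a static property of the call site: the format string asks for one pointer argument and the call passes none, so it can be caught by counting conversion specifiers against the arguments actually supplied. The following checker is an added example written for this page, not code from the netmap project or from the report or the pull request. It scans C source for DbgPrint calls whose format string is a literal, counts the arguments that printf-style specifiers consume (treating %% as a literal percent and * width/precision as an extra argument each), and reports any mismatch. The sample source it runs over is constructed here: it reproduces the reported line and adds two corrected forms (one that supplies the pointer, one that drops the specifier) that are assumptions about how such a call would be fixed, not the fix from the pull request.

```python
import re

# printf-style conversion: %[flags][width][.precision][length]conversion,
# with "%%" as a literal percent sign. Length modifiers include the
# Windows-specific I64/I32/I forms accepted by DbgPrint.
_SPEC = re.compile(
    r'%(?:%|[-+ #0]*(?:\*|\d+)?(?:\.(?:\*|\d+))?'
    r'(?:hh|h|ll|l|j|z|t|L|I64|I32|I)?[diouxXeEfFgGaAcspn])'
)
_CALL = re.compile(r'\bDbgPrint\s*\(')
_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')


def count_conversions(fmt: str) -> int:
    """Number of variadic arguments a printf-style format string consumes."""
    n = 0
    for m in _SPEC.finditer(fmt):
        spec = m.group(0)
        if spec == '%%':
            continue                 # literal percent, consumes nothing
        n += 1 + spec.count('*')     # '*' width/precision each take an int
    return n


def split_args(text: str):
    """Split an argument list on top-level commas, honouring nested
    parentheses and string literals. Returns (args, index past ')')."""
    args, cur, depth, in_str, i = [], [], 0, False, 0
    while i < len(text):
        c = text[i]
        if in_str:
            cur.append(c)
            if c == '\\':            # keep escape sequences intact
                cur.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            cur.append(c)
        elif c == '(':
            depth += 1
            cur.append(c)
        elif c == ')':
            if depth == 0:
                args.append(''.join(cur).strip())
                return args, i + 1
            depth -= 1
            cur.append(c)
        elif c == ',' and depth == 0:
            args.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(c)
        i += 1
    raise ValueError('unterminated argument list')


def check_source(src: str):
    """Return (line, format, wanted, given) for each DbgPrint call whose
    literal format string consumes a different number of arguments than
    the call passes. Calls with a non-literal format are skipped."""
    findings = []
    for m in _CALL.finditer(src):
        args, _ = split_args(src[m.end():])
        if not args or not args[0].startswith('"'):
            continue
        fmt = ''.join(_LITERAL.findall(args[0]))   # adjacent literals join
        wanted, given = count_conversions(fmt), len(args) - 1
        if wanted != given:
            line = src.count('\n', 0, m.start()) + 1
            findings.append((line, fmt, wanted, given))
    return findings


# Constructed sample: the reported call plus two assumed corrected forms.
SAMPLE_SOURCE = r'''
/* constructed sample, modelled on the report */
void generic_timer_handler(void *p)
{
    DbgPrint("unimplemented generic_timer_handler %p\n");        /* %p, no argument */
}
void fixed_a(void *p)
{
    DbgPrint("unimplemented generic_timer_handler %p\n", p);     /* argument supplied */
}
void fixed_b(void)
{
    DbgPrint("unimplemented generic_timer_handler\n");           /* specifier removed */
    DbgPrint("rate %d%% after %*d ms\n", pct, width, ms);        /* %% and * handled */
}
'''

if __name__ == '__main__':
    for line, fmt, wanted, given in check_source(SAMPLE_SOURCE):
        print(f'line {line}: "{fmt}" wants {wanted} argument(s), {given} given')
```

Run over the sample, the checker flags only the first call (line 5: one argument wanted, none given); the two corrected calls and the %%/* case pass. The scan is text-based, so a DbgPrint inside a comment or a string literal would also be examined, and a format string built at runtime cannot be checked this way.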
I can confirm the bug, but the Windows port is currently unmaintained and very likely unused.
Thanks for confirming the bug. If the Windows port is less used, then I doubt anyone would have bothered to exploit this, which is good! I have submitted a pull request from a fork that has the patch (https://github.com/luigirizzo/netmap/pull/836), so if everything looks okay, could you validate this report and the fix?