http://bugzilla.novell.com/show_bug.cgi?id=1118212 Bug ID: 1118212 Summary: Misbehaving SATA device leaks kernel memory pages to unprivileged user Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Critical Priority: P5 - None Component: Kernel Assignee: kernel-maintainers@forge.provo.novell.com Reporter: hnch@gmx.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 Build Identifier: I own a SATA controller that employs an onboard port multiplier. If no SATA devices are attached, instead the port multiplier's config memory is presented as only SATA device. Its capacity is reported erroneously (100MiB) and read accesses beyond its actual size (~80KiB) return random kernel memory pages. Please find attached: - Screenshot showing kernel version and user's group membership. - dmesg output - Partial hex dumps of the device in question (/dev/sdb) for 2 different boots (cold boot and with X running) - different binwalks (with cold boot, X running and warm boot) Reproducible: Always Steps to Reproduce: 1. usermod -a -G disk user 2. hexdump -C /dev/sdX 3. binwalk /dev/sdX Actual Results: Kernel memory is leaked. Expected Results: No read beyond actual capacity, only error messages, or zeroed blocks. SATA controller in question https://twitter.com/hennichodernich/status/1069691086954749953 -- You are receiving this mail because: You are on the CC list for the bug.