Hi Fuqian Huang,

On Sat, Apr 13, 2019 at 12:02:12PM +0800, Fuqian Huang wrote:
> > [Suggested description]
> > The print_binder_ref_olocked function in drivers/android/binder.c in
> > the Linux kernel 4.14.90 allows local users to obtain sensitive address
> > information by reading " ref *desc *node" lines in a debugfs file.
> >
> > ------------------------------------------
> >
> > [VulnerabilityType Other]
> > CWE-200
> >
> > ------------------------------------------
> >
> > [Vendor of Product]
> > Debian GNU/Linux
> >
> > ------------------------------------------
> >
> > [Affected Product Code Base]
> > Linux - 4.14.90
> >
> > ------------------------------------------
> >
> > [Attack Type]
> > Local
> >
> > ------------------------------------------
> >
> > [Impact Information Disclosure]
> > true
> >
> > ------------------------------------------
> >
> > [Discoverer]
> > Fuqian Huang
> >
> > ------------------------------------------
> >
> > [Reference]
> > https://elixir.bootlin.com/linux/v4.14.90/source/drivers/android/binder.c

Please report your findings to upstream. Please keep in mind that the
debian-security-tracker mailing list is furthermore specific for
discussions and bugs regarding the Debian security tracker.

Regards,
Salvatore