Re: [PATCH 4.14] scsi:be2iscsi: Fix a kernel address leakage in be_main.c

On Tue, Apr 16, 2019 at 03:06:34PM +0800, Fuqian Huang wrote: > Outputting kernel addresses will reveal the locations of kernel code > and data. And there is no need to print the address of a global object > beiscsi_iscsi_transport in beiscsi_module_init. > This case is similar to CVE-2018-7273[1]

[PATCH 4.14] scsi:be2iscsi: Fix a kernel address leakage in be_main.c

Outputting kernel addresses will reveal the locations of kernel code and data. And there is no need to print the address of a global object beiscsi_iscsi_transport in beiscsi_module_init. This case is similar to CVE-2018-7273[1]. Just remove the print statement. [1] https://cve.mitre.org/cgi-bin/