Medium
A potential info leak of kernel private memory to userspace was found in the kernel’s implementation of core dumping userspace processes. An area of memory was allocated from free memory without being correctly initialized, this memory contents could contain kernel private information from previous executions and leak it to kernel space for any (probably local) user that is able to read the core dump. |
Exposure of sensitive data |
Linux
Linux Kernel
A possible mitigation would be to disable core dumps system-wide by setting: * hard core 0 In the /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system. This disables core dumps. |