Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8950

Опубликовано: 28 янв. 2016
Источник: redhat
CVSS3: 3.3
CVSS2: 1.9
EPSS Низкий

Описание

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

A flaw was found in the Linux kernel which does not initialize certain data structures used by DMA transfer on ARM64 based systems. This could allow local users to obtain sensitive information from kernel memory by triggering a dma_mmap call and reconstructing the data.

Отчет

This issue doesn't affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6,7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-456
https://bugzilla.redhat.com/show_bug.cgi?id=1383382kernel: Missing cleaning of allocated buffers

EPSS

Процентиль: 35%
0.00147
Низкий

3.3 Low

CVSS3

1.9 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8950

CVSS3: 5.5
ubuntu
больше 9 лет назад

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

nvd логотип

CVE-2015-8950

CVSS3: 5.5
nvd
больше 9 лет назад

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

debian логотип

CVE-2015-8950

CVSS3: 5.5
debian
больше 9 лет назад

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used ...

github логотип

GHSA-2hcm-qr2j-ggcj

CVSS3: 5.5
github
больше 3 лет назад

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

EPSS

Процентиль: 35%
0.00147
Низкий

3.3 Low

CVSS3

1.9 Low

CVSS2