CVE-2015-8950 Information

Feb 14, 2021 cve

Description

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3 as used in the ION subsystem in Android and other products does not initialize certain data structures which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5 http://source.android.com/security/bulletin/2016-10-01.html http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3 http://www.securityfocus.com/bid/93318 https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5

Share on: