5.5

CVE-2015-8950

EPSS 0.15%
Veröffentlicht 10.10.2016 10:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@android.com
Teams Watchlist Login
Unerledigt Login

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 4.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.358

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3

Release Notes

http://source.android.com/security/bulletin/2016-10-01.html

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5

Patch

Issue Tracking

http://www.securityfocus.com/bid/93318

https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5

Patch

Issue Tracking

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2015-8950

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8950

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8950

EUVD