5.5

CVE-2015-8950

EPSS 0.15%
Published 10.10.2016 10:59:01
Last modified 12.04.2025 10:46:40
Source security@android.com
Teams watchlist Login
Open Login

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 4.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.358

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3

Release Notes

http://source.android.com/security/bulletin/2016-10-01.html

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5

Patch

Issue Tracking

http://www.securityfocus.com/bid/93318

https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5

Patch

Issue Tracking

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2015-8950

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8950

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8950

EUVD