Main Vulnerability Database Vulnerabilities #VU92452

Information exposure in Linux kernel - CVE-2015-8950

Published: October 10, 2016 / Updated: November 28, 2016

Vulnerability identifier: #VU92452

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-8950

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to information exposure error within the __alloc_from_pool() and __dma_alloc_coherent() functions in arch/arm64/mm/dma-mapping.c. A local non-authenticated attacker can gain access to sensitive information.

How to mitigate CVE-2015-8950

Install update from vendor's repository.

Sources

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5
http://source.android.com/security/bulletin/2016-10-01.html
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
http://www.securityfocus.com/bid/93318
https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8

Information exposure in Linux kernel - CVE-2015-8950

Detailed vulnerability description

How to mitigate CVE-2015-8950

Sources

Please verify you're human