ID:

CVE-2016-4482 (NVD)

- Vulnerability Info (edit)
2016-05-23

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

Products fedora, linux_kernel, suse_linux_enterprise_debuginfo, suse_linux_enterprise_desktop, suse_linux_enterprise_live_patching, suse_linux_enterprise_module_for_public_cloud, suse_linux_enterprise_real_time_extension, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, suse_linux_enterprise_workstation_extension, ubuntu_linux
Type Information Exposure (CWE-200)
First patch
2016-05-03
https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
"USB: usbfs: fix potential infoleak in devio The stack object “ci” has a total size of 8 bytes. Its last 3 bytes are padding bytes which are not initialized and leaked to userland via “copy_to_user”. Signed-off-by: Kangjie Lu <kjlu@gatech.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"

Stats: +5 lines / -4 lines (total: 9 lines)
Patches http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee
Relevant file/s ./drivers/usb/core/devio.c (modified, +5, -4)
Links http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html
http://www.ubuntu.com/usn/USN-3019-1
http://www.ubuntu.com/usn/USN-3017-1
http://www.ubuntu.com/usn/USN-3017-2
http://www.ubuntu.com/usn/USN-3017-3
Annotation

Note:

This entry has not been annotated yet.

Please consider adding data:

linux - Tree: 681fef8380

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)


Patched area: