CVE-2016-4482 - Vulncode-DB

CVE-2016-4482 (NVD)

2016-05-23

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

Products	Ubuntu_linux, Fedora, Linux_kernel, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_live_patching, Suse_linux_enterprise_module_for_public_cloud, Suse_linux_enterprise_real_time_extension, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension
Type	Information Exposure (CWE-200)
First patch	https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
Relevant file/s	./drivers/usb/core/devio.c (modified, +5, -4)
Links	• http://www.ubuntu.com/usn/USN-3017-3 • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html • http://www.ubuntu.com/usn/USN-3016-2 • http://www.ubuntu.com/usn/USN-3018-1 • http://www.ubuntu.com/usn/USN-3016-3 More/Less (22) • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee • http://www.ubuntu.com/usn/USN-3017-1 • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html • http://www.ubuntu.com/usn/USN-3016-4 • http://www.ubuntu.com/usn/USN-3020-1 • http://www.openwall.com/lists/oss-security/2016/05/04/2 • http://www.ubuntu.com/usn/USN-3016-1 • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html • http://www.ubuntu.com/usn/USN-3021-1 • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html • http://www.ubuntu.com/usn/USN-3017-2 • http://www.ubuntu.com/usn/USN-3021-2 • http://www.securityfocus.com/bid/90029 • http://www.ubuntu.com/usn/USN-3019-1 • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html • http://www.ubuntu.com/usn/USN-3018-2 • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html • http://www.debian.org/security/2016/dsa-3607 • https://bugzilla.redhat.com/show_bug.cgi?id=1332931

linux - Tree: 681fef8380

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: