Note:
This project will be discontinued after December 13, 2021. [more]
2016-05-23
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Navigation
Patch data:
Patched area:
(on by default)
Patched area: