Note:
This project will be discontinued after December 13, 2021. [more]
2017-09-05
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
| Products | Linux_kernel |
| Type | Information Exposure (CWE-200) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.debian.org/security/2017/dsa-3981
• https://usn.ubuntu.com/3583-1/ • https://github.com/torvalds/linux/pull/441 • https://marc.info/?l=linux-kernel&m=150453196710422&w=2 • http://www.securityfocus.com/bid/100634 |