The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel up to and including 4.7, as used in Android prior to 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android |
||
linux linux kernel |