Published: 06/08/2016 Updated: 28/11/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel up to and including 4.7, as used in Android prior to 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android
linux linux kernel

Several security issues were fixed in the Linux kernel ...

CWE-200 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071 http://source.android.com/security/bulletin/2016-08-01.html http://www.securityfocus.com/bid/92222 https://nvd.nist.gov https://usn.ubuntu.com/3358-1/

CVE-2014-9900

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect