CVE-2015-7884

Published: 28/12/2015 Updated: 07/12/2016

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 2.3 | Impact Score: 1.4 | Exploitability Score: 0.8

VMScore: 170

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel up to and including 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the kernel ...

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osdc in the Linux kernel through 433 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application ...

CWE-200 https://bugzilla.redhat.com/show_bug.cgi?id=1274726 https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c http://www.openwall.com/lists/oss-security/2015/10/21/8 http://www.securityfocus.com/bid/77317 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.securitytracker.com/id/1034893 http://www.ubuntu.com/usn/USN-2843-1 http://www.ubuntu.com/usn/USN-2842-2 http://www.ubuntu.com/usn/USN-2843-3 http://www.ubuntu.com/usn/USN-2842-1 http://www.ubuntu.com/usn/USN-2843-2 https://nvd.nist.gov https://usn.ubuntu.com/2843-3/

CVE-2015-7884

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect