The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel up to and including 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Vulnerable Product |
---|
canonical ubuntu linux 12.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 14.04 |
linux linux kernel |
novell suse linux enterprise module for public cloud 12.0 |
novell suse linux enterprise server 11.0 |
novell suse linux enterprise server 12.0 |
novell suse linux enterprise live patching 12.0 |
novell suse linux enterprise desktop 12.0 |
novell suse linux enterprise real time extension 12.0 |
novell suse linux enterprise workstation extension 12.0 |
novell suse linux enterprise debuginfo 11.0 |
novell suse linux enterprise software development kit 11.0 |
novell suse linux enterprise software development kit 12.0 |
fedoraproject fedora 24 |