CVE-2015-8950

MEDIUM

Linux Kernel < 4.0.3 - Information Disclosure via Uninitialized DMA Memory

Title source: llm
STIX 2.1

Description

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

Scores

CVSS v3 5.5
EPSS 0.0146
EPSS Percentile 70.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
linux/linux_kernel < 4.0.2
Published Oct 10, 2016
Tracked Since Feb 18, 2026