CVE-2015-8950
MEDIUMLinux Kernel < 4.0.3 - Information Disclosure via Uninitialized DMA Memory
Title source: llmDescription
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
References (6)
Core 6
Core References
Issue Tracking, Patch x_refsource_confirm
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8
Issue Tracking, Patch x_refsource_confirm
https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5
Vendor Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-10-01.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93318
Release Notes x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
Issue Tracking, Patch x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5
Scores
CVSS v3
5.5
EPSS
0.0146
EPSS Percentile
70.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
linux/linux_kernel
< 4.0.2
Published
Oct 10, 2016
Tracked Since
Feb 18, 2026