CVE-2015-8950

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5	Issue Tracking Patch
http://source.android.com/security/bulletin/2016-10-01.html	Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3	Release Notes
http://www.securityfocus.com/bid/93318
https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5	Issue Tracking Patch
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8	Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-10-10 10:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-8950

Mitre link : CVE-2015-8950

CVE.ORG link : CVE-2015-8950

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-8950", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2016-10-10T10:59:01.260", "references": [{"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5", "tags": ["Issue Tracking", "Patch"], "source": "security@android.com"}, {"url": "http://source.android.com/security/bulletin/2016-10-01.html", "tags": ["Vendor Advisory"], "source": "security@android.com"}, {"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3", "tags": ["Release Notes"], "source": "security@android.com"}, {"url": "http://www.securityfocus.com/bid/93318", "source": "security@android.com"}, {"url": "https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5", "tags": ["Issue Tracking", "Patch"], "source": "security@android.com"}, {"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8", "tags": ["Issue Tracking", "Patch"], "source": "security@android.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call."}, {"lang": "es", "value": "arch/arm64/mm/dma-mapping.c en el kernel de Linux en versiones anteriores a 4.0.3, como es usado en el subsistema ION en Android y otros productos, no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel desencadenando una llamada dma_mmap."}], "lastModified": "2016-11-28T19:50:45.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3918BCE8-1066-4D3E-A44A-126FCFA0C97B", "versionEndIncluding": "4.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}