The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, allowing local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call
Reporter | Title | Published | Views | Family All 122 |
---|---|---|---|---|
Fedora | [SECURITY] Fedora 24 Update: kernel-4.5.3-300.fc24 | 8 May 201610:31 | β | fedora |
Fedora | [SECURITY] Fedora 23 Update: kernel-4.4.9-300.fc23 | 12 May 201607:33 | β | fedora |
Fedora | [SECURITY] Fedora 22 Update: kernel-4.4.9-200.fc22 | 16 May 201614:56 | β | fedora |
NVD | CVE-2016-4482 | 23 May 201610:59 | β | nvd |
OpenVAS | Fedora Update for kernel FEDORA-2016-7d900003e6 | 8 Jun 201600:00 | β | openvas |
OpenVAS | Fedora Update for kernel FEDORA-2016-4 | 9 May 201600:00 | β | openvas |
OpenVAS | Fedora Update for kernel FEDORA-2016-a159c484e4 | 8 Jun 201600:00 | β | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3018-2) | 28 Jun 201600:00 | β | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3016-1) | 28 Jun 201600:00 | β | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3017-2) | 28 Jun 201600:00 | β | openvas |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo