4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
26.4%
The processcompl_compat function in drivers/usb/core/devio.c in Linux
kernel 2.6.x through 2.6.32, and possibly other versions, does not clear
the transfer buffer before returning to userspace when a USB command fails,
which might make it easier for physically proximate attackers to obtain
sensitive information (kernel memory).