4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
The genlock_dev_ioctl function in genlock.c in the Genlock driver for the
Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android
contributions for MSM devices and other products, does not properly
initialize a certain data structure, which allows local users to obtain
sensitive information from kernel stack memory via a crafted
GENLOCK_IOC_EXPORT ioctl call.
Author | Note |
---|---|
mdeslaur | possibly android only |