Source: Ubuntu.com (ubuntucve), UB:CVE-2014-9900
History: Aug 06, 2016 - 12:00 a.m.

CVE-2014-9900


CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low
Percentile: 21.8%

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel
through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013)
devices, does not initialize a certain data structure, which allows local
users to obtain sensitive information via a crafted application, aka
Android internal bug 28803952 and Qualcomm internal bug CR570754.

Notes

tyhicks: Fix doesn’t appear to have been upstreamed

jdstrand:
  android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels
  linux-lts-saucy no longer receives official support
  linux-lts-quantal no longer receives official support

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | linux | < 3.13.0-125.174 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < 4.4.0-87.110 | UNKNOWN |
| ubuntu | 17.04 | noarch | linux | < 4.10.0-28.32 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1026.35 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-gke | < 4.4.0-1022.22 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-hwe | < 4.10.0-28.32~16.04.2 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-hwe-edge | < 4.10.0-28.32~16.04.2 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-87.110~14.04.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-raspi2 | < 4.4.0-1065.73 | UNKNOWN |
| ubuntu | 17.04 | noarch | linux-raspi2 | < 4.10.0-1011.14 | UNKNOWN |

Rows 1-10 of 121
