Information Disclosure

2020-12-0602:21:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

linux kernel is vulnerable to information disclosure. Uninitialized memory leaks to userspace occurs in romfs_dev_read in fs/romfs/storage.c.

CPENameOperatorVersion
linux-oracle:xenialeq4.15.0.1050.41
linux-oracle:xenialeq4.15.0.1053.43
linux-oracle:xenialeq4.15.0.1054.44
linux-aws:xenialeq4.4.0.1113.118
linux-aws:xenialeq4.4.0.1112.117
linux-aws:xenialeq4.4.0.1114.119
linux-aws:xenialeq4.4.0.1117.122
linux-kvm:focaleq5.4.0.1009.9
linux-kvm:focaleq5.4.0.1026.24
linux-kvm:focaleq5.4.0.1024.22

Name	Operator	Version
linux-oracle:xenial	eq	4.15.0.1050.41
linux-oracle:xenial	eq	4.15.0.1053.43
linux-oracle:xenial	eq	4.15.0.1054.44
linux-aws:xenial	eq	4.4.0.1113.118
linux-aws:xenial	eq	4.4.0.1112.117
linux-aws:xenial	eq	4.4.0.1114.119
linux-aws:xenial	eq	4.4.0.1117.122
linux-kvm:focal	eq	5.4.0.1009.9
linux-kvm:focal	eq	5.4.0.1026.24
linux-kvm:focal	eq	5.4.0.1024.22