CVE-2015-8950
CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5http://source.android.com/security/bulletin/2016-10-01.htmlhttps://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3http://www.securityfocus.com/bid/93318