Kernel MSM Memory Leak

2013.11.26
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-200


CVSS Base Score: 4.9/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Description
-----------
The Genlock driver does not properly initialize all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.

Classification
--------------
Location: Local Access Required
Attack Type: Information Disclosure, Input Manipulation
Version: Kernel MSM < 3.10
Impact: Loss of Confidentiality
Solution: Patch / RCS
Disclosure: Vendor Verified
CVE ID: CVE-2013-6392
CWE ID: CWE-200

References
----------
Credit: Jonathan Salwan
Mail List Post: http://seclists.org/oss-sec/2013/q4/334
Commit patch: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625
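The bug class described above, shown as an added user-space example that is not taken from the genlock driver or the referenced commit: a reply structure is copied out whole after only one member was written, so the remaining bytes still hold whatever the stack slot held before. `struct demo_reply`, the `STALE` marker and the handler names are hypothetical, `copy_out()` stands in for `copy_to_user()`, and clearing the object with `memset()` is the usual remedy for this class, assumed here rather than read from the patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl reply structure; not the genlock driver's own. */
struct demo_reply { int fd, op, flags, timeout; };

#define STALE 0xA5 /* constructed marker standing in for old stack contents */

/* Stand-in for copy_to_user(): copies the whole object, byte for byte. */
static void copy_out(unsigned char *user, const struct demo_reply *r)
{
    memcpy(user, r, sizeof(*r));
}

/* Flawed pattern: only one member is written before the copy. */
static void handler_flawed(struct demo_reply *frame, unsigned char *user)
{
    frame->fd = 3;
    copy_out(user, frame);
}

/* Corrected pattern: clear the whole object first, then fill it in. */
static void handler_fixed(struct demo_reply *frame, unsigned char *user)
{
    memset(frame, 0, sizeof(*frame));
    frame->fd = 3;
    copy_out(user, frame);
}

/* Counts bytes in the "user" buffer that still carry the stale marker. */
static size_t stale_bytes(int use_fixed)
{
    struct demo_reply frame;
    unsigned char user[sizeof(frame)];
    size_t i, n = 0;

    memset(&frame, STALE, sizeof(frame)); /* simulate a reused stack slot */
    if (use_fixed) handler_fixed(&frame, user);
    else handler_flawed(&frame, user);
    for (i = 0; i < sizeof(user); i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("flawed: %zu stale bytes, fixed: %zu\n", stale_bytes(0), stale_bytes(1));
    return 0;
}
```

In kernel code the same review check applies to every structure passed to `copy_to_user()`: each byte, padding included, must have been written since the object was allocated.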

Copyright 2024, cxsecurity.com

 
