Vulnerabilities

CVE-2016-4482

by Fred · 23/05/2016

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

Date published : 2016-05-23

http://www.securityfocus.com/bid/90029

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee

Similar

Tags: Cybersecurity Alert