Home

CVE-2015-7884

Description

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

Risk Information

Base Score
2.3
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.037

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (USN-2842-1) linux-image-3.19.0-41-generic_3.19.0-41.46_i386.debLinux
Linux kernel (USN-2842-1) linux-image-3.19.0-41-generic_3.19.0-41.46_amd64.debLinux
Linux kernel (USN-2842-1) linux-image-3.19.0-41-lowlatency_3.19.0-41.46_i386.debLinux
Linux kernel (USN-2842-1) linux-image-3.19.0-41-lowlatency_3.19.0-41.46_amd64.debLinux
Linux hardware enablement kernel from Vivid (USN-2842-2) linux-image-3.19.0-41-generic_3.19.0-41.46~14.04.2_i386.debLinux
Linux hardware enablement kernel from Vivid (USN-2842-2) linux-image-3.19.0-41-generic_3.19.0-41.46~14.04.2_amd64.debLinux
Linux hardware enablement kernel from Vivid (USN-2842-2) linux-image-3.19.0-41-lowlatency_3.19.0-41.46~14.04.2_i386.debLinux
Linux hardware enablement kernel from Vivid (USN-2842-2) linux-image-3.19.0-41-lowlatency_3.19.0-41.46~14.04.2_amd64.debLinux
Linux hardware enablement kernel from Wily (USN-2843-2) linux-image-4.2.0-21-generic_4.2.0-21.25~14.04.1_i386.debLinux
Linux hardware enablement kernel from Wily (USN-2843-2) linux-image-4.2.0-21-generic_4.2.0-21.25~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Wily (USN-2843-2) linux-image-4.2.0-21-lowlatency_4.2.0-21.25~14.04.1_i386.debLinux
Linux hardware enablement kernel from Wily (USN-2843-2) linux-image-4.2.0-21-lowlatency_4.2.0-21.25~14.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234