Improper Initialization of Timestamp Data Structure in Linux Kernel Allows Information Disclosure

Improper Initialization of Timestamp Data Structure in Linux Kernel Allows Information Disclosure

CVE-2014-9892 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.