Uninitialized Data Structure Vulnerability in ethtool_get_wol Function

Uninitialized Data Structure Vulnerability in ethtool_get_wol Function

CVE-2014-9900 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.