Information Disclosure Vulnerability in Linux Kernel's sched_read_attr Function

Information Disclosure Vulnerability in Linux Kernel's sched_read_attr Function

CVE-2014-9903 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.