Uninitialized Data Structures Vulnerability in Linux Kernel's DMA Mapping

Uninitialized Data Structures Vulnerability in Linux Kernel's DMA Mapping

CVE-2015-8950 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.