Uninitialized Heap-Memory Leak in klsi_105_get_line_state Function

Uninitialized Heap-Memory Leak in klsi_105_get_line_state Function

CVE-2017-5549 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.