| Revision Date: | 2015-12-28 | Version: | 1 | | Title: | CVE-2015-7884 on Ubuntu 14.04 LTS (trusty) - low. | | Description: | The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. It was discovered that the virtual video osd test driver in the Linux kernel did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2015-7884
| | Platform(s): | Ubuntu 14.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 14.04 LTS (trusty) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected.
OR The 'linux-lts-vivid' package in trusty was vulnerable but has been fixed (note: '3.19.0-41.46~14.04.2').
OR The 'linux-lts-wily' package in trusty was vulnerable but has been fixed (note: '4.2.0-21.25~14.04.1').
OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected (note: '4.4.0-13.29~14.04.1').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
|
|