Vulnerability Name: CVE-2015-8950 (CCN-118246)

Assigned: 2016-10-04
Published: 2016-10-04
Updated: 2016-11-28
Summary: arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
CVSS v3 Severity:
5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): None

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None

CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information

References:
Source: MITRE
Type: CNA
CVE-2015-8950

Source: CCN
Type: Linux Kernel GIT Repository
arm64: dma-mapping: always clear allocated buffers

Source: CONFIRM
Type: Issue Tracking, Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5

Source: CCN
Type: Android Open Source Project
Android Security Bulletin—October 2016

Source: CONFIRM
Type: Vendor Advisory
http://source.android.com/security/bulletin/2016-10-01.html

Source: CONFIRM
Type: Release Notes
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3

Source: BID
Type: UNKNOWN
93318

Source: CCN
Type: BID-93318
Linux Kernel CVE-2015-8950 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
linux-kernel-cve20158950-info-disc(118246)

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5

Source: CONFIRM
Type: Issue Tracking, Patch
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-8950

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.0.2)

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
| oval:com.ubuntu.precise:def:20158950000 | V | CVE-2015-8950 on Ubuntu 12.04 LTS (precise) - low. | 2016-10-10 |
| oval:com.ubuntu.trusty:def:20158950000 | V | CVE-2015-8950 on Ubuntu 14.04 LTS (trusty) - low. | 2016-10-10 |
| oval:com.ubuntu.xenial:def:20158950000 | V | CVE-2015-8950 on Ubuntu 16.04 LTS (xenial) - low. | 2016-10-10 |
| oval:com.ubuntu.xenial:def:201589500000000 | V | CVE-2015-8950 on Ubuntu 16.04 LTS (xenial) - low. | 2016-10-10 |