• CENTRE D’URGENCE | 24/7
  • Vous êtes victime d’une cyberattaque ?
  • Contactez notre centre d’urgence cyber :
  • +33 (0)1 83 07 00 06

Kernel MSM < 3.10 – Memory leak in the Genlock driver (CVE-2013-6392)

The Genlock driver does not properly initialize all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.

Description

The Genlock driver does not properly initialize all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.

Classification

Location: Local Access Required
Attack Type: Information Disclosure, Input Manipulation
Version: Kernel MSM Impact: Loss of Confidentiality
Solution: Patch / RCS
Disclosure: Vendor Verified
CVE ID: CVE-2013-6392
CWE ID: CWE-200

References

Credit: Jonathan Salwan
Mail List Post: http://seclists.org/oss-sec/2013/q4/334
Commit patch: e3c43027bdb59f03eec7ead0a01c77e4bf801625