Kernel MSM < 3.10 – Memory leak in the Genlock driver (CVE-2013-6392)
Description
The Genlock driver does not properly initialize all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.
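The bug class described above, shown as an added userspace illustration (not the Genlock driver's code) with the vulnerable pattern beside a hardened one that zeroes the structure before filling it. The structure layout, field names, the 0xAA stale-data marker and `demo_copy_to_user` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl reply structure; not the driver's real layout. */
struct demo_reply { int fd; int op; int flags; int timeout; };

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Stand-in for copy_to_user(): the whole structure goes out, set or not. */
static void demo_copy_to_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
}

/* Vulnerable pattern: one member assigned, the rest keep stale bytes. */
static void ioctl_vulnerable(struct demo_reply *r, void *user)
{
    r->fd = 3;
    demo_copy_to_user(user, r, sizeof(*r));
}

/* Hardened pattern: clear every byte before filling in the result. */
static void ioctl_hardened(struct demo_reply *r, void *user)
{
    memset(r, 0, sizeof(*r));
    r->fd = 3;
    demo_copy_to_user(user, r, sizeof(*r));
}

/* Returns how many stale bytes reached the simulated user buffer. */
size_t leaked_bytes(int hardened)
{
    struct demo_reply frame;              /* plays the handler's stack local */
    unsigned char user[sizeof(frame)];
    size_t i, n = 0;

    memset(&frame, STALE, sizeof(frame)); /* simulate a dirty stack frame */
    memset(user, 0, sizeof(user));
    if (hardened) ioctl_hardened(&frame, user);
    else          ioctl_vulnerable(&frame, user);
    for (i = offsetof(struct demo_reply, op); i < sizeof(user); i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("vulnerable: %zu stale bytes, hardened: %zu\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

A reviewer can look for the same shape in driver code: a stack-allocated structure passed to `copy_to_user()` with `sizeof` of the whole structure, without a preceding `memset()` or full initializer.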
Classification
Location: Local Access Required
Attack Type: Information Disclosure, Input Manipulation
Version: Kernel MSM
Impact: Loss of Confidentiality
Solution: Patch / RCS
Disclosure: Vendor Verified
CVE ID: CVE-2013-6392
CWE ID: CWE-200
References
Credit: Jonathan Salwan
Mail List Post: http://seclists.org/oss-sec/2013/q4/334
Commit patch: e3c43027bdb59f03eec7ead0a01c77e4bf801625