Description

The Genlock driver does not properly initialize all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.

Classification

Location: Local Access Required
Attack Type: Information Disclosure, Input Manipulation
Version: Kernel MSM Impact: Loss of Confidentiality
Solution: Patch / RCS
Disclosure: Vendor Verified
CVE ID: CVE-2013-6392
CWE ID: CWE-200

References

Credit: Jonathan Salwan
Mail List Post: http://seclists.org/oss-sec/2013/q4/334
Commit patch: e3c43027bdb59f03eec7ead0a01c77e4bf801625