Vulnerability-Lookup

CVE-2015-7884 (GCVE-0-2015-7884)

Vulnerability from cvelistv5 – Published: 2015-12-28 11:00 – Updated: 2024-08-06 08:06

Summary

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/eda98796…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034893	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/77317	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-2843-1	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2842-2	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2843-2	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2842-1	vendor-advisoryx_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/10/21/8	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1274726	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2843-3	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:30.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
          },
          {
            "name": "1034893",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034893"
          },
          {
            "name": "77317",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77317"
          },
          {
            "name": "USN-2843-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2843-1"
          },
          {
            "name": "USN-2842-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2842-2"
          },
          {
            "name": "USN-2843-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2843-2"
          },
          {
            "name": "USN-2842-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2842-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
          },
          {
            "name": "[oss-security] 20151021 Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
          },
          {
            "name": "USN-2843-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2843-3"
          },
          {
            "name": "openSUSE-SU-2016:1008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
        },
        {
          "name": "1034893",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034893"
        },
        {
          "name": "77317",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77317"
        },
        {
          "name": "USN-2843-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2843-1"
        },
        {
          "name": "USN-2842-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2842-2"
        },
        {
          "name": "USN-2843-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2843-2"
        },
        {
          "name": "USN-2842-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2842-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
        },
        {
          "name": "[oss-security] 20151021 Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
        },
        {
          "name": "USN-2843-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2843-3"
        },
        {
          "name": "openSUSE-SU-2016:1008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
            },
            {
              "name": "1034893",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034893"
            },
            {
              "name": "77317",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77317"
            },
            {
              "name": "USN-2843-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2843-1"
            },
            {
              "name": "USN-2842-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2842-2"
            },
            {
              "name": "USN-2843-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2843-2"
            },
            {
              "name": "USN-2842-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2842-1"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
            },
            {
              "name": "[oss-security] 20151021 Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
            },
            {
              "name": "USN-2843-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2843-3"
            },
            {
              "name": "openSUSE-SU-2016:1008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7884",
    "datePublished": "2015-12-28T11:00:00.000Z",
    "dateReserved": "2015-10-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:06:30.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2015-07401

Vulnerability from cnvd - Published: 2015-11-10

Title

Linux kernel本地信息泄露漏洞（CNVD-2015-07401）

Description

Linux kernel是一款开源的操作系统。 Linux kernel存在安全漏洞，允许本地攻击者利用该漏洞获取敏感内存信息。

Severity

中

Patch Name

Linux kernel本地信息泄露漏洞（CNVD-2015-07401）的补丁

Patch Description

Linux kernel是一款开源的操作系统。 Linux kernel存在安全漏洞，允许本地攻击者利用该漏洞获取敏感内存信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.kernel.org/

Reference

http://www.securityfocus.com/bid/77317

Impacted products

Name
Linux Kernel

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "77317"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7884"
    }
  },
  "description": "Linux kernel\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nLinux kernel\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u5185\u5b58\u4fe1\u606f\u3002",
  "discovererName": "Salva Peir\u00c3\u00b3",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.kernel.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07401",
  "openTime": "2015-11-10",
  "patchDescription": "Linux kernel\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nLinux kernel\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u5185\u5b58\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-07401\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel"
  },
  "referenceLink": "http://www.securityfocus.com/bid/77317",
  "serverity": "\u4e2d",
  "submitTime": "2015-11-07",
  "title": "Linux kernel\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-07401\uff09"
}

FKIE_CVE-2015-7884

Vulnerability from fkie_nvd - Published: 2015-12-28 11:59 - Updated: 2025-04-12 10:46

Severity ?

2.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	cve@mitre.org	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
	cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/10/21/8
	cve@mitre.org	http://www.securityfocus.com/bid/77317
	cve@mitre.org	http://www.securitytracker.com/id/1034893
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2842-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2842-2
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2843-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2843-2
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2843-3
	cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1274726
	cve@mitre.org	https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c
	af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/10/21/8
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77317
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034893
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2842-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2842-2
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2843-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2843-2
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2843-3
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1274726
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17376827-DFED-4E71-8D4A-5E5C44073D57",
              "versionEndIncluding": "4.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n vivid_fb_ioctl en drivers/media/platform/vivid/vivid-osd.c en el kernel de Linux hasta la versi\u00f3n 4.3.3 no inicializa cierto miembro de estructura, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2015-7884",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2015-12-28T11:59:02.153",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/77317"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034893"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2842-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2842-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2843-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2843-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2843-3"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/77317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2842-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2842-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2843-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2843-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2843-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3W2J-JF2V-W2V3

Vulnerability from github – Published: 2022-05-17 03:25 – Updated: 2022-05-17 03:25

Details

Severity ?

2.3 (Low)


                  
                    CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-28T11:59:00Z",
    "severity": "LOW"
  },
  "details": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.",
  "id": "GHSA-3w2j-jf2v-w2v3",
  "modified": "2022-05-17T03:25:30Z",
  "published": "2022-05-17T03:25:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7884"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77317"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034893"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2842-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2842-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2843-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2843-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2843-3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2015-7884

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7884

Aliases

CVE-2015-7884

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7884",
    "description": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.",
    "id": "GSD-2015-7884",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-7884.html",
      "https://ubuntu.com/security/CVE-2015-7884",
      "https://advisories.mageia.org/CVE-2015-7884.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7884"
      ],
      "details": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.",
      "id": "GSD-2015-7884",
      "modified": "2023-12-13T01:20:01.651565Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7884",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
          },
          {
            "name": "1034893",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034893"
          },
          {
            "name": "77317",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/77317"
          },
          {
            "name": "USN-2843-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2843-1"
          },
          {
            "name": "USN-2842-2",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2842-2"
          },
          {
            "name": "USN-2843-2",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2843-2"
          },
          {
            "name": "USN-2842-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2842-1"
          },
          {
            "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
          },
          {
            "name": "[oss-security] 20151021 Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
          },
          {
            "name": "USN-2843-3",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2843-3"
          },
          {
            "name": "openSUSE-SU-2016:1008",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7884"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274726"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c"
            },
            {
              "name": "[oss-security] 20151021 Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/21/8"
            },
            {
              "name": "77317",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/77317"
            },
            {
              "name": "openSUSE-SU-2016:1008",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
            },
            {
              "name": "1034893",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034893"
            },
            {
              "name": "USN-2843-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2843-1"
            },
            {
              "name": "USN-2842-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2842-2"
            },
            {
              "name": "USN-2843-3",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2843-3"
            },
            {
              "name": "USN-2842-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2842-1"
            },
            {
              "name": "USN-2843-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2843-2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2016-12-07T18:25Z",
      "publishedDate": "2015-12-28T11:59Z"
    }
  }
}

CERTFR-2015-AVI-549

Vulnerability from certfr_avis - Published: 2015-12-17 - Updated: 2015-12-17

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 15.10
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 LTS
Ubuntu	Ubuntu	Ubuntu 15.04

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7884 (GCVE-0-2015-7884)

CNVD-2015-07401

FKIE_CVE-2015-7884

GHSA-3W2J-JF2V-W2V3

GSD-2015-7884

CERTFR-2015-AVI-549

Solution

Tags

Sightings

Nomenclature