cnvd - cnvd-2016-09459

cnvd-2016-09459

Vulnerability from cnvd

Title: Android Linux kernel信息泄露漏洞（CNVD-2016-09459）

Description:

Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。Linux kernel是其中的一个Linux所使用的内核。

Android及其他产品中的ION子系统使用的Linux kernel 4.0.3之前版本的arch/arm64/mm/dma-mapping.c文件中存在信息泄露漏洞，该漏洞源于程序未能初始化数据结构。本地攻击者可利用该漏洞获取内核内存的敏感信息。

Severity: 中

Patch Name: Android Linux kernel信息泄露漏洞（CNVD-2016-09459）的补丁

Patch Description:

Android及其他产品中的ION子系统使用的Linux kernel 4.0.3之前版本的arch/arm64/mm/dma-mapping.c文件中存在信息泄露漏洞，该漏洞源于程序未能初始化数据结构。本地攻击者可利用该漏洞获取内核内存的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5

Reference: http://www.securityfocus.com/bid/93318

Impacted products

Name
Linux Kernel <4.0.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93318"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8950"
    }
  },
  "description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Linux kernel\u662f\u5176\u4e2d\u7684\u4e00\u4e2aLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nAndroid\u53ca\u5176\u4ed6\u4ea7\u54c1\u4e2d\u7684ION\u5b50\u7cfb\u7edf\u4f7f\u7528\u7684Linux kernel 4.0.3\u4e4b\u524d\u7248\u672c\u7684arch/arm64/mm/dma-mapping.c\u6587\u4ef6\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u521d\u59cb\u5316\u6570\u636e\u7ed3\u6784\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5185\u6838\u5185\u5b58\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Hang Zhang, Dongdong She, and Zhiyun Qian of UC Riverside",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09459",
  "openTime": "2016-10-19",
  "patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Linux kernel\u662f\u5176\u4e2d\u7684\u4e00\u4e2aLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nAndroid\u53ca\u5176\u4ed6\u4ea7\u54c1\u4e2d\u7684ION\u5b50\u7cfb\u7edf\u4f7f\u7528\u7684Linux kernel 4.0.3\u4e4b\u524d\u7248\u672c\u7684arch/arm64/mm/dma-mapping.c\u6587\u4ef6\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u521d\u59cb\u5316\u6570\u636e\u7ed3\u6784\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5185\u6838\u5185\u5b58\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Android Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-09459\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel \u003c4.0.3"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93318",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-13",
  "title": "Android Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-09459\uff09"
}

CVE-2015-8950 (GCVE-0-2015-8950)

Vulnerability from cvelistv5

Published

2016-10-10 10:00

Modified

2024-08-06 08:36

Severity ?

CWE

Summary

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

References

▼	URL	Tags
	https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5	x_refsource_CONFIRM
	http://source.android.com/security/bulletin/2016-10-01.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93318	vdb-entry, x_refsource_BID
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:36:30.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-10-01.html"
          },
          {
            "name": "93318",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93318"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-10-01.html"
        },
        {
          "name": "93318",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93318"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2015-8950",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8",
              "refsource": "CONFIRM",
              "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5"
            },
            {
              "name": "http://source.android.com/security/bulletin/2016-10-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-10-01.html"
            },
            {
              "name": "93318",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93318"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2015-8950",
    "datePublished": "2016-10-10T10:00:00",
    "dateReserved": "2016-08-11T00:00:00",
    "dateUpdated": "2024-08-06T08:36:30.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted