CVE-2016-4482

Published May 23rd, 2016

View on NVD ↗

CVSS v3

N/A

CVSS v2

2.1

LOW

Affected

PROJECT

Description

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

torvalds/linux

Linux kernel source tree

GitHub

237K