Linux : Security Vulnerabilities, CVEs, Published In 2015 (Information Leak)
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
Max CVSS
4.0
EPSS Score
0.14%
Published
2015-12-28
Updated
2018-01-05
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2016-12-07
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2016-12-07
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
Max CVSS
2.3
EPSS Score
0.04%
Published
2015-12-28
Updated
2017-11-04
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-08-31
Updated
2017-09-21
5 vulnerabilities found