** Changed in: linux-lts-utopic (Ubuntu Trusty)
Status: New => Fix Committed
** Description changed:
- [information leak in devio]
+ The proc_connectinfo function in drivers/usb/core/devio.c in the Linux
+ kernel through 4.6 does not initialize a certain data structure, which
+ allows local users to obtain sensitive information from kernel stack
+ memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Break-Fix: - 681fef8380eb818c0b845fca5d2ab1dcbab114ee
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578493
Title:
CVE-2016-4482
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1578493/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
