Wind River Support Network

HomeDefectsLIN7-6333

Fixed

LIN7-6333 : Security Advisory - linux - CVE-2016-4482

Created: May 31, 2016 Updated: Sep 8, 2018

Resolved Date: Aug 10, 2016

Found In Version: 7.0.0.15

Fix Version: 7.0.0.19

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Kernel

Description

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4482

Other Downloads

Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2016-4482