[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

CVE-2018-20510



> [Suggested description]
> The print_binder_transaction_ilocked function in
> drivers/android/binder.c in the Linux kernel 4.14.90 allows local users
> to obtain sensitive address information by reading "*from *code *flags"
> lines in a debugfs file.
>
> ------------------------------------------
>
> [Additional Information]
> (* is a wildcard)
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> CWE-200
>
> ------------------------------------------
>
> [Vendor of Product]
> Debian GNU/Linux
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Linux - 4.14.90
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Reference]
> https://elixir.bootlin.com/linux/v4.14.90/source/drivers/android/binder.c#L5004
>
> ------------------------------------------
>
> [Discoverer]
> Fuqian Huang


Reply to: