NVD

Id
28935  
Name
CVE-2015-8944  
Description
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-08-06  
Modified Date
2016-11-28  
Seq
2015-8944  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
152527 28935 CVE-2015-8944 http://source.android.com/security/bulletin/2016-08-01.html  View
152528 28935 CVE-2015-8944 [kernel-hardening] 20160406 Re: [PATCH] KERNEL: resource: Fix bug on leakage in /proc/iomem file  View
152529 28935 CVE-2015-8944 92222  View
152530 28935 CVE-2015-8944 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3467 JVNDB-2016-004240 Nexus 6 および 7 (2013) デバイス上で稼動する Android で使用される Linux Kernel の kernel/resource.c における重要な情報を取得される脆弱性 Nexus 6 および 7 (2013) デバイス上で稼動する Android で使用される Linux Kernel の kernel/resource.c の ioresources_init 関数は、/proc/iomem に対して脆弱なパーミッションを使用するため、重要な情報を取得される脆弱性が存在します。 CVE-2015-8944 86169 CVE-2015-8944 28935 4.3 5.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004240.html 2016-08-01 2016-08-12 View