Linux Kernel 4.3.3 vivid-osd.c vivid_fb_ioctl fb_vblank information disclosure

A vulnerability was found in Linux Kernel 4.3.3 (Operating System) and has been classified as problematic. It affects the function vivid_fb_ioctl in the file drivers/media/platform/vivid/vivid-osd.c. Applying the patch eliminates the problem. The bugfix is available for download at git.kernel.org. A possible mitigation was published 3 months after the disclosure of the vulnerability.

| Field | 09/21/2018 09:53 AM | 06/23/2022 08:27 PM | 06/23/2022 08:36 PM |
|---|---|---|---|
| vulnerabilitycenter_title | Linux Kernel <=4.3.3 Local Information Disclosure in vivid-osd - CVE-2015-7884 | Linux Kernel <=4.3.3 Local Information Disclosure in vivid-osd - CVE-2015-7884 | Linux Kernel <=4.3.3 Local Information Disclosure in vivid-osd - CVE-2015-7884 |
| vulnerabilitycenter_severity | Low | Low | Low |
| vulnerabilitycenter_creationdate | 1452117600 | 1452117600 | 1452117600 |
| vulnerabilitycenter_lastupdate | 1528754400 | 1528754400 | 1528754400 |
| vulnerabilitycenter_reportingdate | 1451253600 | 1451253600 | 1451253600 |
| xforce | 107416 | 107416 | 107416 |
| xforce_title | Linux Kernel struct fb_vblank information disclosure | Linux Kernel struct fb_vblank information disclosure | Linux Kernel struct fb_vblank information disclosure |
| xforce_identifier | linux-kernel-cve20157884-info-disc | linux-kernel-cve20157884-info-disc | linux-kernel-cve20157884-info-disc |
| nessus_id | 87468 | 87468 | 87468 |
| nessus_name | Ubuntu 15.04 : linux vulnerabilities (USN-2842-1) | Ubuntu 15.04 : linux vulnerabilities (USN-2842-1) | Ubuntu 15.04 : linux vulnerabilities (USN-2842-1) |
| nessus_filename | ubuntu_USN-2842-1.nasl | ubuntu_USN-2842-1.nasl | ubuntu_USN-2842-1.nasl |
| nessus_risk | Medium | Medium | Medium |
| nessus_family | Ubuntu Local Security Checks | Ubuntu Local Security Checks | Ubuntu Local Security Checks |
| nessus_type | local | local | local |
| nessus_date | 1450303200 (12/16/2015) | 1450303200 (12/16/2015) | 1450303200 (12/16/2015) |
| qualys_id | 169316 | 169316 | 169316 |
| qualys_title | OpenSuSE Security Update for the Linux Kernel (openSUSE-SU-2016:1008-1) | OpenSuSE Security Update for the Linux Kernel (openSUSE-SU-2016:1008-1) | OpenSuSE Security Update for the Linux Kernel (openSUSE-SU-2016:1008-1) |
| misc | http://seclists.org/oss-sec/2015/q4/122 | http://seclists.org/oss-sec/2015/q4/122 | http://seclists.org/oss-sec/2015/q4/122 |
| seealso | 78722 80722 | 78722 80722 | 78722 80722 |
| cvss2_vuldb_e | U | U | U |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | U | U | U |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| reaction_days | 57 | 57 | 57 |
| exposure_days | 57 | 57 | 57 |
| type | Operating System | Operating System | Operating System |
| vendor | Linux | Linux | Linux |
| name | Kernel | Kernel | Kernel |
| version | 4.3.3 | 4.3.3 | 4.3.3 |
| file | drivers/media/platform/vivid/vivid-osd.c | drivers/media/platform/vivid/vivid-osd.c | drivers/media/platform/vivid/vivid-osd.c |
| function | vivid_fb_ioctl | vivid_fb_ioctl | vivid_fb_ioctl |
| argument | fb_vblank | fb_vblank | fb_vblank |
| cwe | 200 (information disclosure) | 200 (information disclosure) | 200 (information disclosure) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.9 | 4.9 | 4.9 |
| cvss2_vuldb_tempscore | 3.6 | 3.6 | 3.6 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss3_meta_basescore | 2.3 | 2.3 | 2.3 |
| cvss3_meta_tempscore | 2.0 | 2.0 | 2.1 |
| cvss3_vuldb_basescore | 2.3 | 2.3 | 2.3 |
| cvss3_vuldb_tempscore | 2.0 | 2.0 | 2.0 |
| date | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| location | oss-sec | oss-sec | oss-sec |
| type | Mailinglist Post | Mailinglist Post | Mailinglist Post |
| url | http://seclists.org/oss-sec/2015/q4/115 | http://seclists.org/oss-sec/2015/q4/115 | http://seclists.org/oss-sec/2015/q4/115 |
| disputed | 0 | 0 | 0 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Patch | Patch | Patch |
| patch_url | http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c | http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c | http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c |
| sourcecode | memset(&vblank, 0, sizeof(vblank)); | memset(&vblank, 0, sizeof(vblank)); | memset(&vblank, 0, sizeof(vblank)); |
| cve | CVE-2015-7884 | CVE-2015-7884 | CVE-2015-7884 |
| cve_assigned | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| cve_nvd_published | 1451260800 | 1451260800 | 1451260800 |
| securityfocus | 77317 | 77317 | 77317 |
| securityfocus_date | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) | 1445385600 (10/21/2015) |
| securityfocus_class | Design Error | Design Error | Design Error |
| securityfocus_title | Linux Kernel Multiple Local Information Disclosure Vulnerabilities | Linux Kernel Multiple Local Information Disclosure Vulnerabilities | Linux Kernel Multiple Local Information Disclosure Vulnerabilities |
| sectracker | 1034893 | 1034893 | 1034893 |
| sectracker_date | 1454112000 (01/30/2016) | 1454112000 (01/30/2016) | 1454112000 (01/30/2016) |
| sectracker_cause | Access control error | Access control error | Access control error |
| vulnerabilitycenter | 55533 | 55533 | 55533 |
| openvas_id | 850584 | 850584 | 850584 |
| openvas_filename | gb_suse_2016_1008_1.nasl | gb_suse_2016_1008_1.nasl | gb_suse_2016_1008_1.nasl |
| openvas_title | SuSE Update for the openSUSE-SU-2016:1008-1 (Linux Kernel) | SuSE Update for the openSUSE-SU-2016:1008-1 (Linux Kernel) | SuSE Update for the openSUSE-SU-2016:1008-1 (Linux Kernel) |
| openvas_family | SuSE Local Security Checks | SuSE Local Security Checks | SuSE Local Security Checks |
| cvss2_nvd_av | L | L | L |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | N | N | N |
| cvss2_nvd_ai | N | N | N |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| confirm_url | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c |
| date | 1450303200 (12/16/2015) | 1450303200 (12/16/2015) | 1450303200 (12/16/2015) |
| identifier | | USN-2842-1 | USN-2842-1 |
| cve_nvd_summary | | The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
| cvss2_nvd_basescore | | 1.9 | 1.9 |
| cvss3_nvd_av | | | L |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | H |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | L |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | N |
| cvss3_nvd_basescore | | | 2.3 |
