Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
47 lines (46 sloc) 1.07 KB
> [Suggested description]
> The print_binder_transaction_ilocked function in
> drivers/android/binder.c in the Linux kernel 4.14.90 allows local users
> to obtain sensitive address information by reading "*from *code *flags"
> lines in a debugfs file.
>
> ------------------------------------------
>
> [Additional Information]
> (* is a wildcard)
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> CWE-200
>
> ------------------------------------------
>
> [Vendor of Product]
> Debian GNU/Linux
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Linux - 4.14.90
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Reference]
> https://elixir.bootlin.com/linux/v4.14.90/source/drivers/android/binder.c#L5004
> https://www.mail-archive.com/debian-security-tracker@lists.debian.org/msg03901.html
>
> ------------------------------------------
>
> [Discoverer]
> Fuqian Huang
You can’t perform that action at this time.