#VU91333 Information disclosure in Linux kernel
Vulnerability identifier: #VU91333
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/92ff03c2563c9b57a027c744750f3b7d2f261c58
http://git.kernel.org/stable/c/5c7858adada31dbed042448cff6997dd6efc472a
http://git.kernel.org/stable/c/761db46b29b496946046d8cb33c7ea6de6bef36e
http://git.kernel.org/stable/c/30716d9f0fa1766e522cf24c8a456244e4fc9931
http://git.kernel.org/stable/c/1e06cf04239e202248c8fa356bf11449dc73cfbd
http://git.kernel.org/stable/c/f855d31bb38d663c3ba672345d7cce9324ba3b72
http://git.kernel.org/stable/c/605d9fb9556f8f5fb4566f4df1480f280f308ded
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
