drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-08-06 03:59
Updated : 2016-11-28 11:15
NVD link : CVE-2014-9895
Mitre link : CVE-2014-9895
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
- android
linux
- linux_kernel