CVEs-PoC/2016/CVE-2016-4482.md at e7be3f24665f27f4f8a571f070ce04dfd1f54dc4

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 10:14:49 +02:00

Files

T

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

POC

Reference

No PoCs from references.

Github

https://github.com/thdusdl1219/CVE-Study
https://github.com/vincent-deng/veracode-container-security-finding-parser

792 B Raw Blame History

CVE-2016-4482

Description

POC

Reference

Github

792 B

Raw Blame History