CVE-2013-4515
Published: 12 November 2013
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.
From the Ubuntu security team
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Beceem WIMAX chipset based devices. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory.
Priority
Low
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4515
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
- https://ubuntu.com/security/notices/USN-2066-1
- https://ubuntu.com/security/notices/USN-2067-1
- https://ubuntu.com/security/notices/USN-2068-1
- https://ubuntu.com/security/notices/USN-2069-1
- https://ubuntu.com/security/notices/USN-2070-1
- https://ubuntu.com/security/notices/USN-2071-1
- https://ubuntu.com/security/notices/USN-2072-1
- https://ubuntu.com/security/notices/USN-2073-1
- https://ubuntu.com/security/notices/USN-2074-1
- https://ubuntu.com/security/notices/USN-2075-1
- https://ubuntu.com/security/notices/USN-2076-1
- NVD
- Launchpad
- Debian