CVE-2015-8950

5.5 MEDIUM
Published: October 10, 2016 Modified: May 06, 2026
View on NVD

Description

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5
Source: security@android.com
Issue Tracking Patch
http://source.android.com/security/bulletin/2016-10-01.html
Source: security@android.com
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
Source: security@android.com
Release Notes
http://www.securityfocus.com/bid/93318
Source: security@android.com
https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5
Source: security@android.com
Issue Tracking Patch
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8
Source: security@android.com
Issue Tracking Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch
http://source.android.com/security/bulletin/2016-10-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
http://www.securityfocus.com/bid/93318
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch

12 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.5 / 10.0
EPSS (Exploit Probability)
0.1%
35th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

linux

Related CVEs

CVE-2026-44928 2.9
CVE-2026-44927 2.9
CVE-2026-43284 N/A
CVE-2013-10075 N/A
CVE-2026-8149 N/A