Uninitialized Data Structure Vulnerability in atyfb_ioctl Function
CVE-2017-14156 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.