Uninitialized Data Structure Vulnerability in atyfb_ioctl Function

Uninitialized Data Structure Vulnerability in atyfb_ioctl Function

CVE-2017-14156 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.