The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2016-08-06T10:00:00

Updated: 2024-08-06T14:02:37.856Z

Reserved: 2016-06-24T00:00:00

Link: CVE-2014-9900

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-08-06T10:59:44.983

Modified: 2024-11-21T02:21:56.020

Link: CVE-2014-9900

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-07-25T00:00:00Z

Links: CVE-2014-9900 - Bugzilla