The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Android-msm | Codeaurora | 3.2.54 (including) | 3.2.54 (including) |
| Android-msm | Codeaurora | 3.4.72 (including) | 3.4.72 (including) |
| Android-msm | Codeaurora | 3.4.73 (including) | 3.4.73 (including) |
| Android-msm | Codeaurora | 3.4.74 (including) | 3.4.74 (including) |
| Android-msm | Codeaurora | 3.4.75 (including) | 3.4.75 (including) |
| Android-msm | Codeaurora | 3.4.76 (including) | 3.4.76 (including) |
| Android-msm | Codeaurora | 3.4.77 (including) | 3.4.77 (including) |
| Android-msm | Codeaurora | 3.4.78 (including) | 3.4.78 (including) |
| Android-msm | Codeaurora | 3.4.79 (including) | 3.4.79 (including) |
| Android-msm | Codeaurora | 3.10.22 (including) | 3.10.22 (including) |
| Android-msm | Codeaurora | 3.10.23 (including) | 3.10.23 (including) |
| Android-msm | Codeaurora | 3.10.24 (including) | 3.10.24 (including) |
| Android-msm | Codeaurora | 3.10.25 (including) | 3.10.25 (including) |
| Android-msm | Codeaurora | 3.10.26 (including) | 3.10.26 (including) |
| Android-msm | Codeaurora | 3.10.27 (including) | 3.10.27 (including) |
| Android-msm | Codeaurora | 3.10.28 (including) | 3.10.28 (including) |
| Android-msm | Codeaurora | 3.10.29 (including) | 3.10.29 (including) |
| Android-msm | Codeaurora | 3.12.3 (including) | 3.12.3 (including) |
| Android-msm | Codeaurora | 3.12.4 (including) | 3.12.4 (including) |
| Android-msm | Codeaurora | 3.12.5 (including) | 3.12.5 (including) |
| Android-msm | Codeaurora | 3.12.6 (including) | 3.12.6 (including) |
| Android-msm | Codeaurora | 3.12.7 (including) | 3.12.7 (including) |
| Android-msm | Codeaurora | 3.12.8 (including) | 3.12.8 (including) |
| Android-msm | Codeaurora | 3.12.9 (including) | 3.12.9 (including) |
| Android-msm | Codeaurora | 3.12.10 (including) | 3.12.10 (including) |
| Android-msm | Codeaurora | 3.13 (including) | 3.13 (including) |
| Android-msm | Codeaurora | 3.13-rc1 (including) | 3.13-rc1 (including) |
| Android-msm | Codeaurora | 3.13-rc2 (including) | 3.13-rc2 (including) |
| Android-msm | Codeaurora | 3.13-rc3 (including) | 3.13-rc3 (including) |
| Android-msm | Codeaurora | 3.13-rc4 (including) | 3.13-rc4 (including) |
| Android-msm | Codeaurora | 3.13-rc5 (including) | 3.13-rc5 (including) |
| Android-msm | Codeaurora | 3.13-rc6 (including) | 3.13-rc6 (including) |
| Android-msm | Codeaurora | 3.13-rc7 (including) | 3.13-rc7 (including) |
| Android-msm | Codeaurora | 3.13-rc8 (including) | 3.13-rc8 (including) |
| Android-msm | Codeaurora | 3.13.1 (including) | 3.13.1 (including) |
| Android-msm | Codeaurora | 3.13.2 (including) | 3.13.2 (including) |
| Android-msm | Codeaurora | 3.14-rc1 (including) | 3.14-rc1 (including) |
| Android-msm | Codeaurora | 3.14-rc2 (including) | 3.14-rc2 (including) |
| Linux | Ubuntu | raring | * |
| Linux-flo | Ubuntu | esm-apps/xenial | * |
| Linux-flo | Ubuntu | trusty | * |
| Linux-flo | Ubuntu | trusty/esm | * |
| Linux-flo | Ubuntu | utopic | * |
| Linux-flo | Ubuntu | vivid | * |
| Linux-flo | Ubuntu | vivid/stable-phone-overlay | * |
| Linux-flo | Ubuntu | wily | * |
| Linux-flo | Ubuntu | xenial | * |
| Linux-flo | Ubuntu | yakkety | * |
| Linux-fsl-imx51 | Ubuntu | lucid | * |
| Linux-goldfish | Ubuntu | saucy | * |
| Linux-grouper | Ubuntu | saucy | * |
| Linux-grouper | Ubuntu | trusty | * |
| Linux-grouper | Ubuntu | utopic | * |
| Linux-linaro-omap | Ubuntu | precise | * |
| Linux-linaro-omap | Ubuntu | quantal | * |
| Linux-linaro-shared | Ubuntu | precise | * |
| Linux-linaro-shared | Ubuntu | quantal | * |
| Linux-linaro-vexpress | Ubuntu | precise | * |
| Linux-linaro-vexpress | Ubuntu | quantal | * |
| Linux-maguro | Ubuntu | saucy | * |
| Linux-maguro | Ubuntu | trusty | * |
| Linux-mako | Ubuntu | esm-apps/xenial | * |
| Linux-mako | Ubuntu | saucy | * |
| Linux-mako | Ubuntu | trusty | * |
| Linux-mako | Ubuntu | trusty/esm | * |
| Linux-mako | Ubuntu | utopic | * |
| Linux-mako | Ubuntu | vivid | * |
| Linux-mako | Ubuntu | vivid/stable-phone-overlay | * |
| Linux-mako | Ubuntu | wily | * |
| Linux-mako | Ubuntu | xenial | * |
| Linux-mako | Ubuntu | yakkety | * |
| Linux-manta | Ubuntu | saucy | * |
| Linux-mvl-dove | Ubuntu | lucid | * |
| Linux-qcm-msm | Ubuntu | lucid | * |
| Linux-qcm-msm | Ubuntu | precise | * |
| Linux-qcm-msm | Ubuntu | quantal | * |
| Linux-ti-omap4 | Ubuntu | raring | * |