Severity: Unknown
Affected Package: kernel
Summary: 4.3BSD compat stat(2) kernel stack disclosure
The historic 4.3BSD-compatibility stat(2) system call did not clear the output struct before copying it out to userland. An unprivileged user could read uninitialized kernel stack memory, potentially exposing sensitive data useful for privilege escalation. Fixed in the 0.7.9 release.
No specific recommendations provided.
Aliases:
Published: May 31, 2016
Last Modified: May 31, 2016