cpe:/o:google:android:6.0.1 cpe:/o:linux:linux_kernel:4.7 CVE-2015-8944 2016-08-06T06:59:54.077-04:00 2016-11-28T14:50:41.270-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2016-08-09T12:33:22.190-04:00 BID 92222 MLIST [kernel-hardening] 20160406 Re: [PATCH] KERNEL: resource: Fix bug on leakage in /proc/iomem file CONFIRM http://source.android.com/security/bulletin/2016-08-01.html CONFIRM https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104 The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.