Linux kernel built with the Multimedia support(CONFIG_MEDIA_SUPPORT) to enable web-cam, video grabber devices, is vulnerable to an information leakage flaw. It could occur while doing an ioctl(2) call on a media device file. A user/process able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes. Upstream fix: ------------- -> https://git.kernel.org/linus/e6a623460e5fc960ac3ee9f946d3106233fd28d8 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2014/06/15/1
Statement: This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1109778]
IssueDescription: An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html