In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2033724]
xt_quota2.c is an android implementatation, not in the upstream kernel tree. This code does not appear in the Fedora kernel at all.