CVE-2015-7885
Description
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2015-7885 is a low-severity information leak in the Linux kernel's Digi Neo/ClassicBoard driver, caused by an uninitialized structure member in an ioctl handler.
Vulnerability
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member before copying it to user space. This affects the staging driver for Digi Neo and ClassicBoard devices, which is not enabled by default and requires the dgnc kernel module to be loaded. The vulnerability is present in all kernels up to and including version 4.3.3 [1][2][3].
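The defect class described above, as an added user-space illustration that is not the dgnc driver's code: a handler sets only some members of a reply structure and then copies the whole object out, next to the common hardening of zeroing the object first. The structure layout, the function names and the 0xAA stale-memory marker are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover memory */

/* Hypothetical ioctl reply; NOT the dgnc driver's real structure. */
struct demo_info {
    uint32_t version;
    uint32_t nboards;
    uint8_t  reserved[16]; /* the member the handler forgets to set */
};

/* Flawed pattern: assigns some members, then copies sizeof(struct). */
static void handler_flawed(uint8_t *user, struct demo_info *di)
{
    di->version = 1;
    di->nboards = 2;
    memcpy(user, di, sizeof(*di)); /* stand-in for copy_to_user() */
}

/* Hardened pattern: zero the whole object before filling it in. */
static void handler_hardened(uint8_t *user, struct demo_info *di)
{
    memset(di, 0, sizeof(*di));
    di->version = 1;
    di->nboards = 2;
    memcpy(user, di, sizeof(*di)); /* stand-in for copy_to_user() */
}

/* Returns how many stale bytes reached the caller's buffer. */
size_t leaked_bytes(int hardened)
{
    struct demo_info slot;
    uint8_t user[sizeof(slot)];
    size_t i, n = 0;

    memset(&slot, STALE, sizeof(slot)); /* simulate reused memory */
    (hardened ? handler_hardened : handler_flawed)(user, &slot);
    for (i = 0; i < sizeof(user); i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("flawed: %zu stale, hardened: %zu stale\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

When reviewing ioctl handlers for this pattern, look for stack structures that reach a copy-out call without a prior whole-object initialization; reserved fields and compiler padding are the usual carriers.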
Exploitation
A local attacker with the ability to call ioctl() on a device node exposed by the dgnc driver can trigger the information leak. No special privileges beyond local user access are required, but the dgnc module must be loaded. The attacker sends a crafted ioctl command to the device, causing the kernel to return uninitialized kernel stack memory to the attacker [4].
Impact
Successful exploitation allows a local attacker to obtain sensitive information from kernel memory. The leaked data may contain kernel addresses or other privileged data that could assist in further exploitation, though the severity is rated low due to the limited privilege required and the driver being part of the staging tree [1][2][3][4].
Mitigation
Ubuntu released kernel updates in USN-2841-1, USN-2841-2, and USN-2844-1 on 17 December 2015 that address this vulnerability [1][2][3]. Red Hat tracked this as CVE-2015-7885 but marked it NOTABUG, indicating the driver is not shipped with Red Hat Enterprise Linux [4]. Users of affected Ubuntu kernels should apply the recommended updates. For systems where the dgnc driver is not required, unloading the module or blacklisting it serves as a workaround.
- [1] USN-2841-1: Linux kernel vulnerabilities | Ubuntu security notices
- [2] USN-2841-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
- [3] USN-2844-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices
- [4] Red Hat Bugzilla 1274728 – (CVE-2015-7885) kernel: staging/dgnc: information leak in ioctl
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=4.3.3
Patches
No patches discovered yet.
References
- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ (nvd)
- www.openwall.com/lists/oss-security/2015/10/21/8 (nvd)
- www.securityfocus.com/bid/77317 (nvd)
- www.securitytracker.com/id/1034896 (nvd)
- www.ubuntu.com/usn/USN-2841-1 (nvd)
- www.ubuntu.com/usn/USN-2841-2 (nvd)
- www.ubuntu.com/usn/USN-2842-1 (nvd)
- www.ubuntu.com/usn/USN-2842-2 (nvd)
- www.ubuntu.com/usn/USN-2843-1 (nvd)
- www.ubuntu.com/usn/USN-2843-2 (nvd)
- www.ubuntu.com/usn/USN-2843-3 (nvd)
- www.ubuntu.com/usn/USN-2844-1 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- github.com/torvalds/linux/commit/4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 (nvd)