Medium severity5.5NVD Advisory· Published Oct 10, 2016· Updated May 6, 2026

CVE-2015-8950

Description

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatch
github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5nvdIssue TrackingPatch
source.codeaurora.org/quic/la/kernel/msm-3.10/commit/nvdIssue TrackingPatch
source.android.com/security/bulletin/2016-10-01.htmlnvdVendor Advisory
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3nvdRelease Notes
www.securityfocus.com/bid/93318nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000