> [Suggested description] > The print_binder_transaction_ilocked function in > drivers/android/binder.c in the Linux kernel 4.14.90 allows local users > to obtain sensitive address information by reading "*from *code *flags" > lines in a debugfs file. > > ------------------------------------------ > > [Additional Information] > (* is a wildcard) > > ------------------------------------------ > > [VulnerabilityType Other] > CWE-200 > > ------------------------------------------ > > [Vendor of Product] > Debian GNU/Linux > > ------------------------------------------ > > [Affected Product Code Base] > Linux - 4.14.90 > > ------------------------------------------ > > [Attack Type] > Local > > ------------------------------------------ > > [Impact Information Disclosure] > true > > ------------------------------------------ > > [Reference] > https://elixir.bootlin.com/linux/v4.14.90/source/drivers/android/binder.c#L5004 > > ------------------------------------------ > > [Discoverer] > Fuqian Huang
