CVE-2015-7946
Published: 7 May 2020
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.
Notes
Author | Note |
---|---|
jdstrand | this is scheduled to be fixed in OTA9 |
Priority
Status
Package | Release | Status |
---|---|---|
unity8 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Needs triage
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(8.11+16.04.20160111.1-0ubuntu1)
|
|
yakkety |
Not vulnerable
(8.11+16.04.20160111.1-0ubuntu1)
|
|
zesty |
Not vulnerable
(8.11+16.04.20160111.1-0ubuntu1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.6 |
Attack vector | Physical |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |