CVE-2015-7946
Published: 7 May 2020
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.
Notes
| Author | Note |
|---|---|
| jdstrand | this is scheduled to be fixed in OTA9 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
unity8 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Needs triage
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(8.11+16.04.20160111.1-0ubuntu1)
|
|
| yakkety |
Not vulnerable
(8.11+16.04.20160111.1-0ubuntu1)
|
|
| zesty |
Not vulnerable
(8.11+16.04.20160111.1-0ubuntu1)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.6 |
| Attack vector | Physical |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |