The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.