CVE-2016-5244

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-5244
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb Patch
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://www.debian.org/security/2016/dsa-3607
http://www.openwall.com/lists/oss-security/2016/06/03/5 Mailing List Technical Description
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/91021
http://www.securitytracker.com/id/1041895
http://www.ubuntu.com/usn/USN-3070-1
http://www.ubuntu.com/usn/USN-3070-2
http://www.ubuntu.com/usn/USN-3070-3
http://www.ubuntu.com/usn/USN-3070-4
http://www.ubuntu.com/usn/USN-3071-1
http://www.ubuntu.com/usn/USN-3071-2
http://www.ubuntu.com/usn/USN-3072-1
http://www.ubuntu.com/usn/USN-3072-2
https://bugzilla.redhat.com/show_bug.cgi?id=1343337 Issue Tracking
https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb Patch
https://patchwork.ozlabs.org/patch/629110/ Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb Patch
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://www.debian.org/security/2016/dsa-3607
http://www.openwall.com/lists/oss-security/2016/06/03/5 Mailing List Technical Description
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/91021
http://www.securitytracker.com/id/1041895
http://www.ubuntu.com/usn/USN-3070-1
http://www.ubuntu.com/usn/USN-3070-2
http://www.ubuntu.com/usn/USN-3070-3
http://www.ubuntu.com/usn/USN-3070-4
http://www.ubuntu.com/usn/USN-3071-1
http://www.ubuntu.com/usn/USN-3071-2
http://www.ubuntu.com/usn/USN-3072-1
http://www.ubuntu.com/usn/USN-3072-2
https://bugzilla.redhat.com/show_bug.cgi?id=1343337 Issue Tracking
https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb Patch
https://patchwork.ozlabs.org/patch/629110/ Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*

Configuration 9 (hide)

cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*

Configuration 10 (hide)

cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*

Configuration 12 (hide)

cpe:2.3:o:suse:opensuse_leap:42.1:*:*:*:*:*:*:*

Configuration 13 (hide)

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

Configuration 14 (hide)

cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*

Configuration 15 (hide)

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 16 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 17 (hide)

cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
History

21 Nov 2024, 02:53

Type Values Removed Values Added
References () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb - Patch () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb - Patch
References () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html - () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html - () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html - () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html - () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html -
References () http://www.debian.org/security/2016/dsa-3607 - () http://www.debian.org/security/2016/dsa-3607 -
References () http://www.openwall.com/lists/oss-security/2016/06/03/5 - Mailing List, Technical Description () http://www.openwall.com/lists/oss-security/2016/06/03/5 - Mailing List, Technical Description
References () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html -
References () http://www.securityfocus.com/bid/91021 - () http://www.securityfocus.com/bid/91021 -
References () http://www.securitytracker.com/id/1041895 - () http://www.securitytracker.com/id/1041895 -
References () http://www.ubuntu.com/usn/USN-3070-1 - () http://www.ubuntu.com/usn/USN-3070-1 -
References () http://www.ubuntu.com/usn/USN-3070-2 - () http://www.ubuntu.com/usn/USN-3070-2 -
References () http://www.ubuntu.com/usn/USN-3070-3 - () http://www.ubuntu.com/usn/USN-3070-3 -
References () http://www.ubuntu.com/usn/USN-3070-4 - () http://www.ubuntu.com/usn/USN-3070-4 -
References () http://www.ubuntu.com/usn/USN-3071-1 - () http://www.ubuntu.com/usn/USN-3071-1 -
References () http://www.ubuntu.com/usn/USN-3071-2 - () http://www.ubuntu.com/usn/USN-3071-2 -
References () http://www.ubuntu.com/usn/USN-3072-1 - () http://www.ubuntu.com/usn/USN-3072-1 -
References () http://www.ubuntu.com/usn/USN-3072-2 - () http://www.ubuntu.com/usn/USN-3072-2 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=1343337 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=1343337 - Issue Tracking
References () https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb - Patch () https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb - Patch
References () https://patchwork.ozlabs.org/patch/629110/ - Patch () https://patchwork.ozlabs.org/patch/629110/ - Patch
Information

Published : 2016-06-27 10:59

Updated : 2024-11-21 02:53

NVD link : CVE-2016-5244

Mitre link : CVE-2016-5244

CVE.ORG link : CVE-2016-5244

JSON object : View

Products Affected

suse

  • linux_enterprise_workstation_extension
  • opensuse_leap
  • linux_enterprise_server
  • linux_enterprise_desktop
  • suse_linux_enterprise_server
  • suse_linux_enterprise_software_development_kit
  • linux_enterprise_real_time_extension
  • linux_enterprise_debuginfo

redhat

  • enterprise_linux

linux

  • linux_kernel

fedoraproject

  • fedora
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024