Remote Information Disclosure Bug in Linux Kernel by Atheros
CVE-2016-2117
7.5HIGH
Summary
The vulnerability in the Linux kernel, specifically within the Atheros network drivers, stems from the incorrect handling of scatter/gather I/O in the atl2_probe function. This flaw permits remote attackers to exploit the system, leading to unauthorized access to sensitive information stored in kernel memory. By reading packet data, an attacker could potentially collect critical system information, presenting significant risks to affected users and systems.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved