Remote Information Disclosure Bug in Linux Kernel by Atheros
CVE-2016-2117

7.5HIGH

Key Information:

Vendor

Oracle
Status
Vm Server
Vendor
CVE Published:
2 May 2016

What is CVE-2016-2117?

The vulnerability in the Linux kernel, specifically within the Atheros network drivers, stems from the incorrect handling of scatter/gather I/O in the atl2_probe function. This flaw permits remote attackers to exploit the system, leading to unauthorized access to sensitive information stored in kernel memory. By reading packet data, an attacker could potentially collect critical system information, presenting significant risks to affected users and systems.

References

http://www.ubuntu.com/usn/USN-3006-1
vendor-advisoryx_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3004-1
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.