CVE-2016-4485

7.5HIGH

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Server; Suse Linux Enterprise Debuginfo; Suse Linux Enterprise Software Development Kit
Vendor: CVE Published:; 23 May 2016

Summary

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

References

http://www.ubuntu.com/usn/USN-3006-1

vendor-advisoryx_refsource_UBUNTU

http://www.ubuntu.com/usn/USN-3004-1

vendor-advisoryx_refsource_UBUNTU

http://www.ubuntu.com/usn/USN-3001-1

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2016
Vulnerability Reserved
May 4, 2016

Collectors

NVD DatabaseMitre Database