Information Disclosure Vulnerability in Linux Kernel by The Linux Foundation
CVE-2016-4485

7.5HIGH

Key Information:

Vendor
Novell
Status
Suse Linux Enterprise Server
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Software Development Kit
Vendor
CVE Published:
23 May 2016

Summary

The llc_cmsg_rcv function in the Linux kernel prior to version 4.5.5 fails to initialize a specific data structure, which allows attackers to potentially access sensitive information from the kernel stack memory by reading a message. This can lead to the unintentional exposure of sensitive data, raising security concerns for systems running affected kernel versions.

References

http://www.ubuntu.com/usn/USN-3006-1
vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3004-1
vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3001-1
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-4485 : Information Disclosure Vulnerability in Linux Kernel by The Linux Foundation | SecurityVulnerability.io