CVE-2016-4486

3.3LOW

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Module For Public Cloud; Suse Linux Enterprise Server; Suse Linux Enterprise Live Patching; Suse Linux Enterprise Desktop
Vendor: CVE Published:; 23 May 2016

Summary

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

References

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

http://www.ubuntu.com/usn/USN-3006-1

vendor-advisoryx_refsource_UBUNTU

http://www.ubuntu.com/usn/USN-3004-1

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2016
Vulnerability Reserved
May 4, 2016

Collectors

NVD DatabaseMitre Database