Information Leak in Linux Kernel Network Interface
CVE-2016-4486

3.3LOW

Key Information:

Vendor

Novell
Status
Suse Linux Enterprise Module For Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
Suse Linux Enterprise Desktop
Vendor
CVE Published:
23 May 2016

What is CVE-2016-4486?

The rtnl_fill_link_ifmap function within the Linux kernel prior to version 4.5.5 is affected by an uninitialized data structure, which poses a risk by allowing local users to access sensitive information from the kernel stack memory via Netlink messages. This vulnerability can lead to unauthorized exposure of critical data, necessitating prompt evaluation and mitigation strategies for users of affected Linux kernel versions.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-3006-1
vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3004-1
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.