CVE-2016-2117

CWE-200 — Information Exposure CWE-120 — Classic Buffer Overflow26 documents9 sources

Severity

7.5HIGH

EPSS

0.7%

top 27.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Oracle VM Server

Timeline

PublishedMay 2

Latest updateMay 14

Description

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDlinux/linux_kernel4.5.2

▶Debianlinux< 4.5.2-1+3

▶Ubuntulinux< 3.13.0-87.133+1

▶Ubuntulinux-raspi2< 4.4.0-1012.16

▶Ubuntulinux-lts-wily< 4.2.0-38.45~14.04.1

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

GHSA

GHSA-7qq2-hfpc-p7pq: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2↗2022-05-14

▶

OSV

linux-raspi2 vulnerabilities↗2016-06-10

▶

OSV

linux-lts-utopic vulnerabilities↗2016-06-10

▶

OSV

linux-lts-vivid vulnerabilities↗2016-06-10

▶

OSV

linux vulnerabilities↗2016-06-10

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2016-06-10

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2016-06-10

▶

Ubuntu

Linux kernel (Raspberry Pi 2) vulnerabilities↗2016-06-10

▶

Ubuntu

Linux kernel (Vivid HWE) vulnerabilities↗2016-06-10

▶

Ubuntu

Linux kernel (Utopic HWE) vulnerabilities↗2016-06-10

▶

💬Community

Bugzilla

CVE-2016-2117 kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers [fedora-all]↗2016-03-16

▶

Bugzilla

CVE-2016-2117 kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers↗2016-02-26

▶