Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4486

CWE-200Information Exposure22 documents10 sources
Severity
3.3LOW
EPSS
0.5%
top 33.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
10
Linux Linux KernelCanonical Ubuntu LinuxNovell Suse Linux Enterprise Debuginfo+7 more
Timeline
PublishedMay 23
Latest updateMay 14

Description

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages10 packages

Debianlinux< 4.5.4-1+3

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

3
GHSA
GHSA-w757-gq6j-hrx5: The rtnl_fill_link_ifmap function in net/core/rtnetlink2022-05-14
CVEList
CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink2016-05-23
OSV
CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink2016-05-23

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure2018-12-19

📋Vendor Advisories

15
Android
CVE-2016-4486: Android Security Bulletin 2016-08-01 CVE: CVE-2016-4486 Severity: MEDIUM References: A-28620102 Upstream kernel2016-08-01
Ubuntu
Linux kernel vulnerabilities2016-06-10
Ubuntu
Linux kernel (OMAP4) vulnerabilities2016-06-10
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2016-06-10
Ubuntu
Linux kernel vulnerabilities2016-06-10

💬Community

2
Bugzilla
CVE-2016-4486 kernel: Information leak in rtnetlink2016-05-05
Bugzilla
CVE-2016-4485 CVE-2016-4486 kernel: various flaws [fedora-all]2016-05-05
CVE-2016-4486 (LOW CVSS 3.3) | The rtnl_fill_link_ifmap function i | cvebase.io