CVE-2016-5244

CWE-200 — Information Exposure21 documents8 sources

Severity

7.5HIGH

EPSS

0.6%

top 31.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Fedoraproject Fedora Redhat Enterprise Linux +8 more

Timeline

PublishedJun 27

Latest updateMay 14

Description

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

▶NVDlinux/linux_kernel4.6.3

▶Debianlinux< 4.6.2-1+3

▶Ubuntulinux< 3.13.0-95.142+1

▶Ubuntulinux-raspi2< 4.4.0-1021.27

▶Ubuntulinux-snapdragon< 4.4.0-1024.27

Also affects: Enterprise Linux 5, 6.0, Fedora 22, 23, 24

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: patchwork.ozlabs.org ↗

🔴Vulnerability Details

GHSA

GHSA-m496-5jfw-8fgm: The rds_inc_info_copy function in net/rds/recv↗2022-05-14

▶

OSV

linux-snapdragon vulnerabilities↗2016-08-30

▶

OSV

linux-raspi2 vulnerabilities↗2016-08-30

▶

OSV

linux-lts-xenial vulnerabilities↗2016-08-30

▶

OSV

linux vulnerabilities↗2016-08-29

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Raspberry Pi 2) vulnerabilities↗2016-08-30

▶

Ubuntu

Linux kernel (Qualcomm Snapdragon) vulnerabilities↗2016-08-30

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2016-08-30

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2016-08-29

▶

Ubuntu

Linux kernel vulnerabilities↗2016-08-29

▶

💬Community

Bugzilla

CVE-2016-5243 CVE-2016-5244 kernel: various flaws [fedora-all]↗2016-06-07

▶

Bugzilla

CVE-2016-5244 kernel: Information leak in rds_inc_info_copy↗2016-06-07

▶