7.5

CVE-2016-4485

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NovellSuse Linux Enterprise Debuginfo Version11 Updatesp4
NovellSuse Linux Enterprise Server Version11 Updateextra
NovellSuse Linux Enterprise Server Version11 Updatesp4
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
LinuxLinux Kernel Version <= 4.5.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.67% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.ubuntu.com/usn/USN-2989-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2998-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3000-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3001-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3002-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3003-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3004-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3607
http://www.ubuntu.com/usn/USN-2996-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2997-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3005-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3006-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3007-1
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd
Patch
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
Release Notes
http://www.openwall.com/lists/oss-security/2016/05/04/26
Mailing List
http://www.securityfocus.com/bid/90015
https://bugzilla.redhat.com/show_bug.cgi?id=1333309
Issue Tracking
https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd
Patch
Vendor Advisory