3.3

CVE-2016-4486

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NovellSuse Linux Enterprise Debuginfo Version11.0 Updatesp4
NovellSuse Linux Enterprise Desktop Version12.0 Updatesp1
NovellSuse Linux Enterprise Server Version11.0 Updateextra
NovellSuse Linux Enterprise Server Version11.0 Updatesp4
NovellSuse Linux Enterprise Server Version12.0 Updatesp1
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
LinuxLinux Kernel Version <= 4.5.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.71% 0.744
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
http://www.ubuntu.com/usn/USN-2989-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2998-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3000-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3001-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3002-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3003-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3004-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3607
http://www.ubuntu.com/usn/USN-2996-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2997-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3005-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3006-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3007-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6
http://www.openwall.com/lists/oss-security/2016/05/04/27
http://www.securityfocus.com/bid/90051
https://bugzilla.redhat.com/show_bug.cgi?id=1333316
Third Party Advisory
VDB Entry
Issue Tracking
https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6
Vendor Advisory
https://www.exploit-db.com/exploits/46006/