CVE-2016-5244

EPSS 0.56%
Veröffentlicht 27.06.2016 10:59:11
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 27

NVD 17 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version23

Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp4

Fedoraproject ≫ Fedora Version24

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp4

Suse ≫ Linux Enterprise Real Time Extension Version12 Updatesp1

Suse ≫ Linux Enterprise Server Version11 Updateextra

Redhat ≫ Enterprise Linux Version6.0

Suse ≫ Suse Linux Enterprise Software Development Kit Version11 Updatesp4

Suse ≫ Linux Enterprise Workstation Extension Version12

Redhat ≫ Enterprise Linux Version5

Suse ≫ Linux Enterprise Desktop Version12

Suse ≫ Opensuse Leap Version42.1

Suse ≫ Linux Enterprise Server Version11 Updatesp4

Suse ≫ Suse Linux Enterprise Software Development Kit Version12

Fedoraproject ≫ Fedora Version22

Linux ≫ Linux Kernel Version <= 4.6.3

Suse ≫ Suse Linux Enterprise Server Version12

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.677

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Third Party Advisory

Mailing List

http://www.debian.org/security/2016/dsa-3607

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

Third Party Advisory

Mailing List

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb

Patch

http://www.openwall.com/lists/oss-security/2016/06/03/5

Mailing List

Technical Description

http://www.securityfocus.com/bid/91021

http://www.securitytracker.com/id/1041895

http://www.ubuntu.com/usn/USN-3070-1

http://www.ubuntu.com/usn/USN-3070-2

http://www.ubuntu.com/usn/USN-3070-3

http://www.ubuntu.com/usn/USN-3070-4

http://www.ubuntu.com/usn/USN-3071-1

http://www.ubuntu.com/usn/USN-3071-2

http://www.ubuntu.com/usn/USN-3072-1

http://www.ubuntu.com/usn/USN-3072-2

https://bugzilla.redhat.com/show_bug.cgi?id=1343337

Issue Tracking

https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb

Patch

https://patchwork.ozlabs.org/patch/629110/

Patch

https://nvd.nist.gov/vuln/detail/CVE-2016-5244

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5244

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5244

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-5244