CVE-2016-4486

Loading...

General

Score:2.1/10.0
Severity:Low
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2013-2015, CVE-2013-4312, CVE-2013-7446, CVE-2014-9717, CVE-2014-9904, CVE-2015-0272, CVE-2015-3339, CVE-2015-4004, CVE-2015-5307, CVE-2015-6252, CVE-2015-6937, CVE-2015-7509, CVE-2015-7513, CVE-2015-7515, CVE-2015-7550, CVE-2015-7566, CVE-2015-7799, CVE-2015-7833, CVE-2015-7872, CVE-2015-7990, CVE-2015-8104, CVE-2015-8215, CVE-2015-8539, CVE-2015-8543, CVE-2015-8551, CVE-2015-8552, CVE-2015-8569, CVE-2015-8575, CVE-2015-8767, CVE-2015-8785, CVE-2015-8812, CVE-2015-8816, CVE-2015-8839, CVE-2015-8845, CVE-2016-0723, CVE-2016-0758, CVE-2016-0821, CVE-2016-1237, CVE-2016-1583, CVE-2016-2053, CVE-2016-2069, CVE-2016-2117, CVE-2016-2143, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-2188, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549, CVE-2016-2782, CVE-2016-2847, CVE-2016-3070, CVE-2016-3134, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3139, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3689, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961, CVE-2016-4470, CVE-2016-4482, CVE-2016-4485, CVE-2016-4557, CVE-2016-4558, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4581, CVE-2016-4805, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998, CVE-2016-5243, CVE-2016-5244, CVE-2016-5696, CVE-2016-5828, CVE-2016-5829, CVE-2016-6480

Published on 23/05/16 - Updated on 28/11/16

Description

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2016-4486
Amazon Linux ALAS-2016-703
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-186, CERTFR-2016-AVI-199, CERTFR-2016-AVI-267
Debian DSA-3607-1
Debian LTSDLA-516-1
SUSE SUSE-SU-2016:1672, SUSE-SU-2016:1690, SUSE-SU-2016:1696, SUSE-SU-2016:2074, SUSE-SU-2016:2105, SUSE-SU-2016:2245
Ubuntu USN-2989-1, USN-2996-1, USN-2997-1, USN-2998-1, USN-3000-1, USN-3001-1, USN-3002-1, USN-3003-1, USN-3004-1, USN-3005-1, USN-3006-1, USN-3007-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
linuxlinux_kernel
novellsuse_linux_enterprise_debuginfo
novellsuse_linux_enterprise_desktop
novellsuse_linux_enterprise_live_patching
novellsuse_linux_enterprise_module_for_public_cloud
novellsuse_linux_enterprise_real_time_extension
novellsuse_linux_enterprise_server
novellsuse_linux_enterprise_software_development_kit
novellsuse_linux_enterprise_workstation_extension

Share this vulnerability with:

Twitter Facebook LinkedIn Mail