Information disclosure in Linux Linux_kernel
CVE-2016-5244
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS mes…
Vulnerability class: Information Disclosure
EPSS: 0.006 (68.6th percentile)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Linux Linux_kernel
- Fedoraproject Fedora — versions 23, 24, 22
- Redhat Enterprise_linux — versions 6.0, 5
- Suse Linux_enterprise_debuginfo — versions 11
- Suse Linux_enterprise_desktop — versions 12
- Suse Linux_enterprise_real_time_extension — versions 11, 12
- Suse Linux_enterprise_server — versions 11
- Suse Linux_enterprise_workstation_extension — versions 12
- Suse Opensuse_leap — versions 42.1
- Suse Suse_linux_enterprise_server — versions 12
References
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- SUSE-SU-2016:1690 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- USN-3070-1 (x_refsource_UBUNTU, vendor-advisory)
- [oss-security] 20160603 Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy (mailing-list, Technical Description, x_refsource_MLIST, Mailing List)
- SUSE-SU-2016:1985 (vendor-advisory, x_refsource_SUSE)
- openSUSE-SU-2016:2184 (vendor-advisory, x_refsource_SUSE)
- USN-3070-3 (x_refsource_UBUNTU, vendor-advisory)
- 1041895 (vdb-entry, x_refsource_SECTRACK)
- openSUSE-SU-2016:1641 (vendor-advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2016-5244?
  CVE-2016-5244 is a high-severity vulnerability in Linux Linux_kernel, classified under Information Disclosure. CVSS score: 7.5/10. Published 2016-06-27.
- How severe is CVE-2016-5244?
  High severity. CVSS v3 base score is 7.5 out of 10.