CVE-2019-16714

Опубликовано: 23 сент. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

Ссылки

http://www.openwall.com/lists/oss-security/2019/09/24/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/09/25/1
Mailing List
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14
Mailing List
Vendor Advisory
https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0005/
Third Party Advisory
https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4157-1/
Third Party Advisory
https://usn.ubuntu.com/4157-2/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/09/24/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/09/25/1
Mailing List
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14
Mailing List
Vendor Advisory
https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0005/
Third Party Advisory
https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4157-1/
Third Party Advisory
https://usn.ubuntu.com/4157-2/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.2.14 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.1.0 (включая)

EPSS

Процентиль: 78%

0.01117

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-909

Связанные уязвимости

CVE-2019-16714

CVSS3: 7.5

ubuntu

больше 6 лет назад

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

CVE-2019-16714

CVSS3: 7.5

redhat

больше 6 лет назад

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

CVE-2019-16714

CVSS3: 7.5

debian

больше 6 лет назад

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...

GHSA-pv85-r7p2-8r62

CVSS3: 7.5

github

больше 3 лет назад

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

EPSS

Процентиль: 78%

0.01117

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-909