CVE-2016-5244

Published: 03 Jun 2016
Source: redhat
CVSS2: 1.9
EPSS: Low

Description

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

A vulnerability was found in the Linux kernel in function rds_inc_info_copy of file net/rds/recv.c. The last field "flags" of object "minfo" is not initialized. This can leak data previously at the flags location to userspace.

Report

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 and will not be addressed in a future update. This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 7, Realtime and Red Hat Enterprise MRG 2. This has been rated as having low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/ .

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 6 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected | | |

Additional information

Status: Low
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1343337 (kernel: Information leak in rds_inc_info_copy)

EPSS

Percentile: 81%
0.01662
Low

CVSS2: 1.9 Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 9 years ago

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

CVSS3: 7.5
nvd
about 9 years ago

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

CVSS3: 7.5
debian
about 9 years ago

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel t ...

CVSS3: 7.5
github
about 3 years ago

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

oracle-oval
more than 5 years ago

ELSA-2020-5533: Unbreakable Enterprise kernel security update (IMPORTANT)
