The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
Configuration 14 (hide)
|
Configuration 15 (hide)
|
Configuration 16 (hide)
|
Configuration 17 (hide)
|
History
No history.
Information
Published : 2016-06-27 10:59
Updated : 2024-02-04 18:53
NVD link : CVE-2016-5244
Mitre link : CVE-2016-5244
CVE.ORG link : CVE-2016-5244
JSON object : View
Products Affected
redhat
- enterprise_linux
suse
- linux_enterprise_debuginfo
- suse_linux_enterprise_server
- suse_linux_enterprise_software_development_kit
- linux_enterprise_real_time_extension
- linux_enterprise_desktop
- opensuse_leap
- linux_enterprise_workstation_extension
- linux_enterprise_server
linux
- linux_kernel
fedoraproject
- fedora
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor