Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 27, 2016 - 10:59 cve.org
HIGH 7.5

DescriptionCVE.org

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

AnalysisAI

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. Affected products include: Fedoraproject Fedora, Suse Linux Enterprise Real Time Extension, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Server, Redhat Enterprise Linux. Version information: through 4.6.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2014-3687 HIGH POC
7.5 Nov 10

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through

CVE-2014-8369 HIGH POC
7.8 Nov 10

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of page

CVE-2014-5077 HIGH
7.1 Aug 01

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is e

CVE-2014-8559 MEDIUM POC
5.5 Nov 10

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename

CVE-2014-4608 HIGH
7.3 Jul 03

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompres

CVE-2016-2782 MEDIUM POC
4.6 Apr 27

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attack

CVE-2014-3601 MEDIUM POC
4.3 Sep 01

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of page

CVE-2014-4667 MEDIUM
5.0 Jul 03

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a

CVE-2015-8539 HIGH
7.8 Feb 08

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BU

CVE-2014-1737 HIGH
7.2 May 11

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error

CVE-2015-8785 MEDIUM
6.2 Feb 08

The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial

CVE-2014-9585 LOW POC
2.1 Jan 09

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locatio

Share

CVE-2016-5244 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy