2.1
CVSSv2

CVE-2016-4486

Published: 23/05/2016 Updated: 20/12/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel prior to 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

Vulnerability Trend

Vendor Advisories

The rtnl_fill_link_ifmap function in net/core/rtnetlinkc in the Linux kernel before 455 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area (CVE-2016-3961 / XSA-174) A flaw was found in the way the Linux kernel's ASN1 DER decoder processed certain certificate files with tags ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update The Nexus firmware images have also been released to the Google Developer site Security Patch Levels of August 05, 2016 or later addr ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Sec ...

Mailing Lists

Linux kernel version 44 rtnetlink stack memory disclosure exploit ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93

References

CWE-200http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlhttp://www.debian.org/security/2016/dsa-3607http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5http://www.openwall.com/lists/oss-security/2016/05/04/27http://www.securityfocus.com/bid/90051http://www.ubuntu.com/usn/USN-2989-1http://www.ubuntu.com/usn/USN-2996-1http://www.ubuntu.com/usn/USN-2997-1http://www.ubuntu.com/usn/USN-2998-1http://www.ubuntu.com/usn/USN-3000-1http://www.ubuntu.com/usn/USN-3001-1http://www.ubuntu.com/usn/USN-3002-1http://www.ubuntu.com/usn/USN-3003-1http://www.ubuntu.com/usn/USN-3004-1http://www.ubuntu.com/usn/USN-3005-1http://www.ubuntu.com/usn/USN-3006-1http://www.ubuntu.com/usn/USN-3007-1https://bugzilla.redhat.com/show_bug.cgi?id=1333316https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6https://www.exploit-db.com/exploits/46006/https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2016-4486https://nvd.nist.govhttps://packetstormsecurity.com/files/150840/Linux-Kernel-4.4-rtnetlink-Stack-Memory-Disclosure.htmlhttps://usn.ubuntu.com/3005-1/https://access.redhat.com/security/cve/cve-2016-4486