Published: 27/06/2016 Updated: 28/11/2016

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel up to and including 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Sec ...

It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL (CVE-2016-1237) A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which ...

A leak of information was possible when issuing a netlink command of the stack memory area leading up to this function call An attacker could use this to determine stack information for use in a later exploit ...

Several security issues were fixed in the kernel ...

CVE-2016-5243

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect