// For flags

CVE-2016-4485

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

La funciĆ³n llc_cmsg_rcv en net/llc/af_llc.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa una estructura de datos determinada, lo que permite a atacantes obtener informaciĆ³n sensible del kernel de memoria de pila leyendo un mensaje.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-05-04 CVE Reserved
  • 2016-05-23 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (22)
URL Tag Source
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 Release Notes
http://www.openwall.com/lists/oss-security/2016/05/04/26 Mailing List
http://www.securityfocus.com/bid/90015 Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1333309 Issue Tracking
URL Date SRC
URL Date SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd 2023-09-12
https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd 2023-09-12
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html 2023-09-12
http://www.debian.org/security/2016/dsa-3607 2023-09-12
http://www.ubuntu.com/usn/USN-2989-1 2023-09-12
http://www.ubuntu.com/usn/USN-2996-1 2023-09-12
http://www.ubuntu.com/usn/USN-2997-1 2023-09-12
http://www.ubuntu.com/usn/USN-2998-1 2023-09-12
http://www.ubuntu.com/usn/USN-3000-1 2023-09-12
http://www.ubuntu.com/usn/USN-3001-1 2023-09-12
http://www.ubuntu.com/usn/USN-3002-1 2023-09-12
http://www.ubuntu.com/usn/USN-3003-1 2023-09-12
http://www.ubuntu.com/usn/USN-3004-1 2023-09-12
http://www.ubuntu.com/usn/USN-3005-1 2023-09-12
http://www.ubuntu.com/usn/USN-3006-1 2023-09-12
http://www.ubuntu.com/usn/USN-3007-1 2023-09-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
 Suse Linux Enterprise Software Development Kit
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit"
 11.0
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit" and version "11.0"
sp4
Affected
Novell
Search vendor "Novell"
 Suse Linux Enterprise Debuginfo
Search vendor "Novell" for product "Suse Linux Enterprise Debuginfo"
 11
Search vendor "Novell" for product "Suse Linux Enterprise Debuginfo" and version "11"
sp4
Affected
Novell
Search vendor "Novell"
 Suse Linux Enterprise Server
Search vendor "Novell" for product "Suse Linux Enterprise Server"
 11
Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "11"
extra
Affected
Novell
Search vendor "Novell"
 Suse Linux Enterprise Server
Search vendor "Novell" for product "Suse Linux Enterprise Server"
 11
Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "11"
sp4
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 4.5.4
Search vendor "Linux" for product "Linux Kernel" and version " <= 4.5.4"
-
Affected