CVE-2016-4485

Ubuntu Security Notice USN-3002-1

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

La función llc_cmsg_rcv en net/llc/af_llc.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa una estructura de datos determinada, lo que permite a atacantes obtener información sensible del kernel de memoria de pila leyendo un mensaje.

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-05-04 CVE Reserved
2016-05-23 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (22)

URL	Tag	Source
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5	Release Notes
http://www.openwall.com/lists/oss-security/2016/05/04/26	Mailing List
http://www.securityfocus.com/bid/90015	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1333309	Issue Tracking

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd	2023-09-12
https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd	2023-09-12

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	2023-09-12
http://www.debian.org/security/2016/dsa-3607	2023-09-12
http://www.ubuntu.com/usn/USN-2989-1	2023-09-12
http://www.ubuntu.com/usn/USN-2996-1	2023-09-12
http://www.ubuntu.com/usn/USN-2997-1	2023-09-12
http://www.ubuntu.com/usn/USN-2998-1	2023-09-12
http://www.ubuntu.com/usn/USN-3000-1	2023-09-12
http://www.ubuntu.com/usn/USN-3001-1	2023-09-12
http://www.ubuntu.com/usn/USN-3002-1	2023-09-12
http://www.ubuntu.com/usn/USN-3003-1	2023-09-12
http://www.ubuntu.com/usn/USN-3004-1	2023-09-12
http://www.ubuntu.com/usn/USN-3005-1	2023-09-12
http://www.ubuntu.com/usn/USN-3006-1	2023-09-12
http://www.ubuntu.com/usn/USN-3007-1	2023-09-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Novell Search vendor "Novell"		Suse Linux Enterprise Software Development Kit Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit"				11.0 Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit" and version "11.0"		sp4		Affected
Novell Search vendor "Novell"		Suse Linux Enterprise Debuginfo Search vendor "Novell" for product "Suse Linux Enterprise Debuginfo"				11 Search vendor "Novell" for product "Suse Linux Enterprise Debuginfo" and version "11"		sp4		Affected
Novell Search vendor "Novell"		Suse Linux Enterprise Server Search vendor "Novell" for product "Suse Linux Enterprise Server"				11 Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "11"		extra		Affected
Novell Search vendor "Novell"		Suse Linux Enterprise Server Search vendor "Novell" for product "Suse Linux Enterprise Server"				11 Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "11"		sp4		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.5.4 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.5.4"		-		Affected