CVE-2016-4485

Published: May 23, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

Affected (9)

Products: Novell: Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux · Linux: Linux Kernel

Novell

3 products

Suse Linux Enterprise Debuginfo

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Novell Suse Linux Enterprise Debuginfo	Version 11 sp4
Novell Suse Linux Enterprise Server	Version 11 extra
Novell Suse Linux Enterprise Server	Version 11 sp4
Novell Suse Linux Enterprise Software Development Kit	Version 11.0 sp4

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.5.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (44)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd

Source: cve@mitre.org

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3607

Source: cve@mitre.org

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5

Source: cve@mitre.org

Release Notes

http://www.openwall.com/lists/oss-security/2016/05/04/26

Source: cve@mitre.org

Mailing List

http://www.securityfocus.com/bid/90015

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2989-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2996-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2997-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2998-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3000-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3001-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3002-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3003-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3004-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3005-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3006-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3007-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1333309

Source: cve@mitre.org

Issue Tracking

https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd

Source: cve@mitre.org

PatchVendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd