CVE-2016-4486

Published: May 23, 2016Modified: May 6, 2026

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

Affected (20)

Products: Novell: Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop, Suse Linux Enterprise Live Patching, Suse Linux Enterprise Module For Public Cloud, Suse Linux Enterprise Real Time Extension, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Suse Linux Enterprise Workstation Extension · Canonical: Ubuntu Linux · Linux: Linux Kernel

Novell

8 products

Suse Linux Enterprise Debuginfo

Suse Linux Enterprise Desktop

Suse Linux Enterprise Live Patching

Suse Linux Enterprise Module For Public Cloud

Suse Linux Enterprise Real Time Extension

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

Suse Linux Enterprise Workstation Extension

1 product

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Novell Suse Linux Enterprise Debuginfo	Version 11.0 sp4
Novell Suse Linux Enterprise Desktop	Version 12.0
Novell Suse Linux Enterprise Desktop	Version 12.0 sp1
Novell Suse Linux Enterprise Live Patching	Version 12.0
Novell Suse Linux Enterprise Module For Public Cloud	Version 12.0
Novell Suse Linux Enterprise Real Time Extension	Version 12.0 sp1
Novell Suse Linux Enterprise Server	Version 11.0 extra
Novell Suse Linux Enterprise Server	Version 11.0 sp4
Novell Suse Linux Enterprise Server	Version 12.0
Novell Suse Linux Enterprise Server	Version 12.0 sp1
Novell Suse Linux Enterprise Software Development Kit	Version 11.0 sp4
Novell Suse Linux Enterprise Software Development Kit	Version 12.0
Novell Suse Linux Enterprise Software Development Kit	Version 12.0 sp1
Novell Suse Linux Enterprise Workstation Extension	Version 12.0
Novell Suse Linux Enterprise Workstation Extension	Version 12.0 sp1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.5.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (58)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3607

Source: cve@mitre.org

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/04/27

Source: cve@mitre.org

http://www.securityfocus.com/bid/90051

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2989-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2996-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2997-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2998-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3000-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3001-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3002-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3003-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3004-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3005-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3006-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3007-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1333316

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/46006/

Source: cve@mitre.org

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6