CVE-2016-4485
UnknownEPSS 4.67%
Last modified
CVE-2016-4485 is a vulnerability of currently unknown severity. The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.. EPSS estimates a 4.67% chance of exploitation in the next 30 days.
Description
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Novell | Suse Linux Enterprise Software Development Kit | 11.0 | Sp4 |
| Novell | Suse Linux Enterprise Debuginfo | 11 | Sp4 |
| Novell | Suse Linux Enterprise Server | 11 | Extra |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 14.04 | — |
| Canonical | Ubuntu Linux | 15.10 | — |
| Canonical | Ubuntu Linux | 16.04 | — |
| Linux | Linux Kernel | <= 4.5.4 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlThird Party Advisory
- http://www.ubuntu.com/usn/USN-2989-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2996-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2997-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2998-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3000-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3001-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3002-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3003-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3004-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3005-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3006-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3007-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1333309Issue Tracking
- https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fdPatch, Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlThird Party Advisory
- http://www.ubuntu.com/usn/USN-2989-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2996-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2997-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2998-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3000-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3001-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3002-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3003-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3004-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3005-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3006-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-3007-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1333309Issue Tracking
- https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fdPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-4485?
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
How severe is CVE-2016-4485?
Severity scoring for CVE-2016-4485 is pending analysis. The EPSS model estimates a 4.67% probability of exploitation in the next 30 days.
How do I fix CVE-2016-4485?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-4485?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST