CVE-2016-4482

Updated: 2023-12-06

CWE: Information Leak / Disclosure

Description:

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

CVSS3: 6.2


Vendor State

OS Vendor version Errata
Ubuntu 16.04 4.4.0-28.47 USN-3016-1
Ubuntu 14.04 3.13.0-91.138 USN-3018-1
Ubuntu 14.04 HWE 4.4.0-28.47~14.04.1 USN-3016-4
Debian 8 3.16.7-ckt25-2+deb8u2 DSA-3607-1

KernelCare State

OS Original kernel version State
Ubuntu 16.04
4.4.0-22.40 show all hide all
4.4.0-24.43 4.4.0-22.39 4.4.0-21.37 4.4.0-23.41
Released
Ubuntu 14.04
3.13.0-53.88 show all hide all
3.13.0-39.66 3.13.0-65.106 3.13.0-57.95 3.13.0-37.64 3.13.0-49.83 3.13.0-68.111 3.13.0-59.98 3.13.0-71.114 3.13.0-86.130 3.13.0-67.110 3.13.0-70.113 3.13.0-76.120 3.13.0-41.70 3.13.0-36.63 3.13.0-44.73 3.13.0-49.81 3.13.0-86.131 3.13.0-85.129 3.13.0-46.75 3.13.0-40.69 3.13.0-33.58 3.13.0-73.116 3.13.0-43.72 3.13.0-51.84 3.13.0-62.102 3.13.0-83.127 3.13.0-54.91 3.13.0-38.65 3.13.0-40.68 3.13.0-45.74 3.13.0-46.76 3.13.0-46.77 3.13.0-52.86 3.13.0-53.87 3.13.0-55.94 3.13.0-61.100 3.13.0-62.101 3.13.0-64.104 3.13.0-66.107 3.13.0-69.112 3.13.0-72.115 3.13.0-75.119 3.13.0-65.105 3.13.0-77.121 3.13.0-58.97 3.13.0-32.57 3.13.0-46.79 3.13.0-74.118 3.13.0-52.85 3.13.0-34.60 3.13.0-35.62 3.13.0-48.80 3.13.0-87.133 3.13.0-66.108 3.13.0-63.103 3.13.0-88.135 3.13.0-55.92 3.13.0-53.89 3.13.0-79.123
Released
Ubuntu 14.04 HWE
4.4.0-24.43~14.04.1 show all hide all
4.4.0-22.40~14.04.1 4.4.0-21.37~14.04.1 4.4.0-23.41~14.04.1 4.4.0-22.39~14.04.1
Released
Debian 8
3.16.7-ckt9-3~deb8u1 show all hide all
3.16.7-ckt11-1+deb8u2 3.16.7-ckt20-1+deb8u2 3.16.7-ckt11-1+deb8u3 3.16.7-ckt20-1+deb8u4 3.16.7-ckt25-1 3.16.7-ckt11-1+deb8u4 3.16.7-ckt25-2 3.16.7-ckt11-1+deb8u5 3.16.7-ckt20-1+deb8u3 3.16.7-ckt11-1+deb8u6 3.16.7-ckt11-1+deb8u1 3.16.7-ckt11-1 3.16.7-ckt20-1+deb8u1
Released
Endurance 6 elrepo
Ready For Release
Debian 10 cloud
Will Not Fix
Debian 9 backports
Will Not Fix