CVE-2016-4486

Updated: 2023-12-06

CWE: Information Leak / Disclosure

Description:

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

CVSS3: 3.3

Vendor State

OS	Vendor version	Errata
Ubuntu 16.04	4.4.0-24.43	USN-3006-1
Ubuntu 14.04	3.13.0-87.133	USN-2989-1
Ubuntu 14.04 HWE	4.4.0-24.43~14.04.1	USN-3005-1
Debian 8	3.16.7-ckt25-2+deb8u2	DSA-3607-1

KernelCare State

OS	Original kernel version	State
Ubuntu 16.04	4.4.0-21.37 show all hide all 4.4.0-22.40 4.4.0-22.39	Released
Ubuntu 14.04	3.13.0-53.88 show all hide all 3.13.0-39.66 3.13.0-65.106 3.13.0-57.95 3.13.0-37.64 3.13.0-49.83 3.13.0-68.111 3.13.0-59.98 3.13.0-71.114 3.13.0-86.130 3.13.0-67.110 3.13.0-70.113 3.13.0-76.120 3.13.0-41.70 3.13.0-36.63 3.13.0-44.73 3.13.0-49.81 3.13.0-86.131 3.13.0-46.75 3.13.0-85.129 3.13.0-40.69 3.13.0-33.58 3.13.0-73.116 3.13.0-43.72 3.13.0-51.84 3.13.0-62.102 3.13.0-83.127 3.13.0-38.65 3.13.0-40.68 3.13.0-45.74 3.13.0-46.76 3.13.0-46.77 3.13.0-52.86 3.13.0-53.87 3.13.0-54.91 3.13.0-55.94 3.13.0-61.100 3.13.0-62.101 3.13.0-64.104 3.13.0-66.107 3.13.0-69.112 3.13.0-72.115 3.13.0-75.119 3.13.0-65.105 3.13.0-77.121 3.13.0-32.57 3.13.0-58.97 3.13.0-46.79 3.13.0-74.118 3.13.0-34.60 3.13.0-35.62 3.13.0-48.80 3.13.0-52.85 3.13.0-66.108 3.13.0-63.103 3.13.0-55.92 3.13.0-53.89 3.13.0-79.123	Released
Ubuntu 14.04 HWE	4.4.0-21.37~14.04.1 show all hide all 4.4.0-22.40~14.04.1 4.4.0-22.39~14.04.1	Released
Debian 8	3.16.7-ckt9-3~deb8u1 show all hide all 3.16.7-ckt11-1+deb8u2 3.16.7-ckt20-1+deb8u2 3.16.7-ckt11-1+deb8u3 3.16.7-ckt20-1+deb8u4 3.16.7-ckt25-1 3.16.7-ckt11-1+deb8u4 3.16.7-ckt25-2 3.16.7-ckt11-1+deb8u5 3.16.7-ckt20-1+deb8u3 3.16.7-ckt11-1+deb8u6 3.16.7-ckt11-1+deb8u1 3.16.7-ckt11-1 3.16.7-ckt20-1+deb8u1	Released
Endurance 6 elrepo		Ready For Release
Debian 10 cloud		Will Not Fix
Debian 9 backports		Will Not Fix