← volver
CVE-2016-4486

CVE-2016-4486

EPSS 1.7%
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
Productos afectados
n/a · n/a
PoCs públicas encontradas2
cve_referencewww.exploit-db.com/exploits/46006/no verificadoexploitdbwww.exploit-db.com/exploits/46006no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1333316https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6