NVD Vulnerability Detail

CVE-2016-5244

Summary	The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
Publication Date	June 27, 2016, 7:59 p.m.
Registration Date	Jan. 26, 2021, 2:13 p.m.
Last Update	Nov. 21, 2024, 11:53 a.m.

CVSS3.0 : HIGH
スコア	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	なし

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:23:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4::::::

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:24:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1::::::

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_server:11:extra::::::

Configuration7		or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11:sp4::::::

Configuration9		or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:::::::*

Configuration10		or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:5:::::::*

Configuration11		or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*

Configuration12		or higher	or less	more than	less than
cpe:2.3:o:suse:opensuse_leap:42.1:::::::*

Configuration13		or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::

Configuration14		or higher	or less	more than	less than
cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:12:::::::*

Configuration15		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:22:::::::*

Configuration16		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			4.6.3

Configuration17		or higher	or less	more than	less than
cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*

Related information, measures and tools

No	URL	タグ
1	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb	Patch
2	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb	Patch
3	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
4	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
5	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
12	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
13	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
14	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
15	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
16	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
17	http://www.debian.org/security/2016/dsa-3607
18	http://www.debian.org/security/2016/dsa-3607
19	http://www.openwall.com/lists/oss-security/2016/06/03/5	Mailing List Technical Description
20	http://www.openwall.com/lists/oss-security/2016/06/03/5	Mailing List Technical Description
21	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
22	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
23	http://www.securityfocus.com/bid/91021
24	http://www.securityfocus.com/bid/91021
25	http://www.securitytracker.com/id/1041895
26	http://www.securitytracker.com/id/1041895
27	http://www.ubuntu.com/usn/USN-3070-1
28	http://www.ubuntu.com/usn/USN-3070-1
29	http://www.ubuntu.com/usn/USN-3070-2
30	http://www.ubuntu.com/usn/USN-3070-2
31	http://www.ubuntu.com/usn/USN-3070-3
32	http://www.ubuntu.com/usn/USN-3070-3
33	http://www.ubuntu.com/usn/USN-3070-4
34	http://www.ubuntu.com/usn/USN-3070-4
35	http://www.ubuntu.com/usn/USN-3071-1
36	http://www.ubuntu.com/usn/USN-3071-1
37	http://www.ubuntu.com/usn/USN-3071-2
38	http://www.ubuntu.com/usn/USN-3071-2
39	http://www.ubuntu.com/usn/USN-3072-1
40	http://www.ubuntu.com/usn/USN-3072-1
41	http://www.ubuntu.com/usn/USN-3072-2
42	http://www.ubuntu.com/usn/USN-3072-2
43	https://bugzilla.redhat.com/show_bug.cgi?id=1343337	Issue Tracking
44	https://bugzilla.redhat.com/show_bug.cgi?id=1343337	Issue Tracking
45	https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb	Patch
46	https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb	Patch
47	https://patchwork.ozlabs.org/patch/629110/	Patch
48	https://patchwork.ozlabs.org/patch/629110/	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

JVN Vulnerability Information

Linux Kernel の net/rds/recv.c の rds_inc_info_copy 関数におけるカーネルスタックメモリから重要な情報を取得される脆弱性

Title	Linux Kernel の net/rds/recv.c の rds_inc_info_copy 関数におけるカーネルスタックメモリから重要な情報を取得される脆弱性
Summary	Linux Kernel の net/rds/recv.c の rds_inc_info_copy 関数は、特定の構造体メンバを初期化しないため、カーネルスタックメモリから重要な情報を取得される脆弱性が存在します。
Possible impacts	第三者により、RDS メッセージを読まれることで、カーネルスタックメモリから重要な情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 2, 2016, midnight
Registration Date	June 28, 2016, 4:36 p.m.
Last Update	Sept. 6, 2016, 10:42 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux

Fedora Project

Fedora

SUSE

SUSE Linux Enterprise Live Patching

SUSE Linux Enterprise Module for Public Cloud

SUSE Linux Enterprise Debuginfo

SUSE Linux Enterprise Desktop

SUSE Linux Enterprise Real Time Extension

SUSE Linux Enterprise Server

SUSE Linux Enterprise Software Development Kit

SUSE Linux Enterprise Workstation Extension

openSUSE project

openSUSE Leap

Linux

Linux Kernel 4.6.3 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-5244	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5244
National Vulnerability Database (NVD)
2	CVE-2016-5244	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5244
Red Hat Customer Portal
3	CVE-2016-5244	https://access.redhat.com/security/cve/cve-2016-5244

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Bugzilla
1	Bug 983213	https://bugzilla.opensuse.org/show_bug.cgi?id=983213
GitHub
2	rds: fix an infoleak in rds_inc_info_copy	https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb
Linux Kernel
3	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
4	rds: fix an infoleak in rds_inc_info_copy	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb
opensuse-security-announce
5	SUSE-SU-2016:1672	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
6	SUSE-SU-2016:1690	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
7	SUSE-SU-2016:1937	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
Red Hat Bugzilla
8	Bug 1343337	https://bugzilla.redhat.com/show_bug.cgi?id=1343337

その他

No	Name	URL
関連文書
1	rds: fix an infoleak in rds_inc_info_copy	https://patchwork.ozlabs.org/patch/629110/

Change Log

No	Changed Details	Date of change
0	[2016年06月28日] 掲載 [2016年09月06日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：レッドハット (CVE-2016-5244) を追加ベンダ情報：openSUSE project (SUSE-SU-2016:1672) を追加ベンダ情報：openSUSE project (SUSE-SU-2016:1690) を追加ベンダ情報：openSUSE project (SUSE-SU-2016:1937) を追加ベンダ情報：openSUSE project (Bug 983213) を追加	Feb. 17, 2018, 10:37 a.m.