[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-2117

Date: (C)2016-06-02   (M)2017-10-12
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

Reference:
BID-84500
DSA-3607
USN-2989-1
USN-2998-1
USN-3000-1
USN-3001-1
USN-3002-1
USN-3003-1
USN-3004-1
USN-3005-1
USN-3006-1
USN-3007-1
http://www.openwall.com/lists/oss-security/2016/03/16/7
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.redhat.com/show_bug.cgi?id=1312298
https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8

CPE    3
cpe:/o:canonical:ubuntu_linux:15.10
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
CWE    1
CWE-200
OVAL    18
oval:org.secpod.oval:def:703154
oval:org.secpod.oval:def:703153
oval:org.secpod.oval:def:703158
oval:org.secpod.oval:def:703159
...

© 2013 SecPod Technologies