CVE-2016-2117

Published May 2, 2016

Last updated 2 years ago

Overview

Description: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2D62B2C-40E5-41B7-9DAA-029BCD079054"
          },
          {
            "criteria": "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BA58099-26F7-4B01-B9FC-275F012FE9C6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E93DE20-F6CD-4B8B-836D-7844A2697466",
            "versionEndIncluding": "4.5.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References