CVE-2016-4580 : The x25_negotiate_facilities function in net/x25/x25

The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.

Published 2016-05-23 10:59:10

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2016-4580

Linux » Linux Kernel
Versions up to, including, (<=) 4.5.4
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-4580

EPSS FAQ

0.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 63 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4580

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-4580

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4580

http://www.ubuntu.com/usn/USN-3019-1

USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3016-4

USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3020-1

USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3017-2

USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79e48650320e6fba48369fccf13fd045315b19b8

kernel/git/torvalds/linux.git - Linux kernel source tree
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

[security-announce] SUSE-SU-2016:1672-1: important: Security update for

CVEs referencing this url
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3016-1

USN-3016-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://github.com/torvalds/linux/commit/79e48650320e6fba48369fccf13fd045315b19b8

net: fix a kernel infoleak in x25 module · torvalds/linux@79e4865 · GitHub
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

[security-announce] openSUSE-SU-2016:1641-1: important: Security update

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3016-3

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3021-1

USN-3021-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3021-2

USN-3021-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3017-3

USN-3017-3: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3018-1

USN-3018-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.securityfocus.com/bid/90528

Linux Kernel 'net/x25/x25_facilities.c' Local Information Disclosure Vulnerability
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

[security-announce] SUSE-SU-2016:1985-1: important: Security update for

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/05/10/12

oss-security - CVE Request: x25: a kernel infoleak in x25_negotiate_facilities()
http://www.debian.org/security/2016/dsa-3607

Debian -- Security Information -- DSA-3607-1 linux

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3017-1

USN-3017-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3018-2

USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3016-2

USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-4580

Products affected by CVE-2016-4580

Exploit prediction scoring system (EPSS) score for CVE-2016-4580

CVSS scores for CVE-2016-4580

CWE ids for CVE-2016-4580

References for CVE-2016-4580