Vulnerability Details : CVE-2016-4580

The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
Publish Date : 2016-05-23 Last Update Date : 2016-11-28

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	5.0
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Obtain Information
CWE ID	200

- Products Affected By CVE-2016-4580

#	Product Type	Vendor	Product	Version	Edition
1	OS	Canonical	Ubuntu Linux	12.04	~~lts~~~	Version Details Vulnerabilities
2	OS	Canonical	Ubuntu Linux	14.04	~~lts~~~	Version Details Vulnerabilities
3	OS	Canonical	Ubuntu Linux	15.10		Version Details Vulnerabilities
4	OS	Canonical	Ubuntu Linux	16.04	~~lts~~~	Version Details Vulnerabilities
5	OS	Linux	Linux Kernel	4.5.4		Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Canonical	Ubuntu Linux	4
Linux	Linux Kernel	1

- References For CVE-2016-4580

http://www.ubuntu.com/usn/USN-3021-1
UBUNTU USN-3021-1

https://github.com/torvalds/linux/commit/79e48650320e6fba48369fccf13fd045315b19b8 CONFIRM

http://www.ubuntu.com/usn/USN-3021-2
UBUNTU USN-3021-2

http://www.ubuntu.com/usn/USN-3019-1
UBUNTU USN-3019-1

http://www.ubuntu.com/usn/USN-3018-2
UBUNTU USN-3018-2

http://www.ubuntu.com/usn/USN-3018-1
UBUNTU USN-3018-1

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
SUSE openSUSE-SU-2016:1641

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
SUSE SUSE-SU-2016:1672

http://www.ubuntu.com/usn/USN-3017-3
UBUNTU USN-3017-3

http://www.ubuntu.com/usn/USN-3017-2
UBUNTU USN-3017-2

http://www.ubuntu.com/usn/USN-3017-1
UBUNTU USN-3017-1

http://www.ubuntu.com/usn/USN-3016-4
UBUNTU USN-3016-4

http://www.ubuntu.com/usn/USN-3016-3
UBUNTU USN-3016-3

http://www.ubuntu.com/usn/USN-3016-2
UBUNTU USN-3016-2

http://www.openwall.com/lists/oss-security/2016/05/10/12
MLIST [oss-security] 20160510 CVE Request: x25: a kernel infoleak in x25_negotiate_facilities()

http://www.securityfocus.com/bid/90528
BID 90528 Linux Kernel 'net/x25/x25_facilities.c' Local Information Disclosure Vulnerability Release Date:2017-05-23

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 CONFIRM

http://www.ubuntu.com/usn/USN-3020-1
UBUNTU USN-3020-1

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
SUSE SUSE-SU-2016:1985

http://www.debian.org/security/2016/dsa-3607
DEBIAN DSA-3607

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79e48650320e6fba48369fccf13fd045315b19b8 CONFIRM

http://www.ubuntu.com/usn/USN-3016-1
UBUNTU USN-3016-1

- Metasploit Modules Related To CVE-2016-4580

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)