{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-10T00:00:00", "descriptions": [{"lang": "en", "value": "The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160510 CVE Request: x25: a kernel infoleak in x25_negotiate_facilities()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/05/10/12"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/79e48650320e6fba48369fccf13fd045315b19b8"}, {"name": "USN-3017-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"name": "SUSE-SU-2016:1985", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "USN-3017-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"name": "USN-3018-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"name": "USN-3021-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"name": "USN-3017-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"name": "USN-3019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"name": "openSUSE-SU-2016:1641", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79e48650320e6fba48369fccf13fd045315b19b8"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3016-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"name": "USN-3016-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"name": "SUSE-SU-2016:1672", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"name": "USN-3021-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"name": "USN-3018-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"}, {"name": "90528", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90528"}, {"name": "USN-3016-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"name": "USN-3016-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"name": "USN-3020-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3020-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4580", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160510 CVE Request: x25: a kernel infoleak in x25_negotiate_facilities()", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/05/10/12"}, {"name": "https://github.com/torvalds/linux/commit/79e48650320e6fba48369fccf13fd045315b19b8", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/79e48650320e6fba48369fccf13fd045315b19b8"}, {"name": "USN-3017-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"name": "SUSE-SU-2016:1985", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "USN-3017-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"name": "USN-3018-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"name": "USN-3021-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"name": "USN-3017-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"name": "USN-3019-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"name": "openSUSE-SU-2016:1641", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79e48650320e6fba48369fccf13fd045315b19b8", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79e48650320e6fba48369fccf13fd045315b19b8"}, {"name": "DSA-3607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3016-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"name": "USN-3016-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"name": "SUSE-SU-2016:1672", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"name": "USN-3021-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"name": "USN-3018-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"}, {"name": "90528", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90528"}, {"name": "USN-3016-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"name": "USN-3016-4", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"name": "USN-3020-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3020-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:25.837Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20160510 CVE Request: x25: a kernel infoleak in x25_negotiate_facilities()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/05/10/12"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/79e48650320e6fba48369fccf13fd045315b19b8"}, {"name": "USN-3017-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"name": "SUSE-SU-2016:1985", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "USN-3017-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"name": "USN-3018-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"name": "USN-3021-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"name": "USN-3017-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"name": "USN-3019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"name": "openSUSE-SU-2016:1641", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79e48650320e6fba48369fccf13fd045315b19b8"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3016-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"name": "USN-3016-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"name": "SUSE-SU-2016:1672", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"name": "USN-3021-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"name": "USN-3018-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"}, {"name": "90528", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/90528"}, {"name": "USN-3016-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"name": "USN-3016-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"name": "USN-3020-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3020-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4580", "datePublished": "2016-05-23T10:00:00", "dateReserved": "2016-05-11T00:00:00", "dateUpdated": "2024-08-06T00:32:25.837Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C36E5B8-129B-488B-B732-83E71CF311DD", "versionEndIncluding": "4.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request."}, {"lang": "es", "value": "La funci\u00f3n x25_negotiate_facilities en net/x25/x25_facilities.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa adecuadamente una estructura de datos determinada, lo que permite a atacantes obtener informaci\u00f3n sensible del kernel de memoria de pila a trav\u00e9s de una petici\u00f3n de llamada X.25."}], "id": "CVE-2016-4580", "lastModified": "2016-11-28T20:19:05.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-23T10:59:10.177", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79e48650320e6fba48369fccf13fd045315b19b8"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"source": "cve@mitre.org", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/05/10/12"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90528"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3020-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/79e48650320e6fba48369fccf13fd045315b19b8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Information leak in x25 module", "id": "1338756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338756"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "draft"}, "cwe": "CWE-665", "details": ["The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request."], "name": "CVE-2016-4580", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2016-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4580\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4580"], "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}