In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/09/24/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2019/09/25/1 | Mailing List Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14 | Mailing List Vendor Advisory |
https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20191031-0005/ | Third Party Advisory |
https://support.f5.com/csp/article/K48351130?utm_source=f5support&%3Butm_medium=RSS | |
https://usn.ubuntu.com/4157-1/ | Third Party Advisory |
https://usn.ubuntu.com/4157-2/ | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
31 Mar 2022, 17:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Canonical ubuntu Linux
Canonical F5 traffix Signaling Delivery Controller F5 |
|
CPE | cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:* |
|
References | (UBUNTU) https://usn.ubuntu.com/4157-1/ - Third Party Advisory | |
References | (CONFIRM) https://support.f5.com/csp/article/K48351130?utm_source=f5support&utm_medium=RSS - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2019/09/24/2 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2019/09/25/1 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191031-0005/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4157-2/ - Third Party Advisory | |
CWE | CWE-909 |
Information
Published : 2019-09-23 12:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-16714
Mitre link : CVE-2019-16714
CVE.ORG link : CVE-2019-16714
JSON object : View
Products Affected
linux
- linux_kernel
f5
- traffix_signaling_delivery_controller
canonical
- ubuntu_linux
CWE
CWE-909
Missing Initialization of Resource