CVE-2016-2117

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.33 % (72^th)

Affected Products 3

Advisories 21

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2016-05-02 10:59:27
(8 years ago)
Updated Date: 2023-02-12 23:17:21
(19 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Oracle Vm Server 3.3	cpe:2.3:o:oracle:vm_server:3.3
	Oracle Vm Server 3.4	cpe:2.3:o:oracle:vm_server:3.4

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 15.10	cpe:2.3:o:canonical:ubuntu_linux:15.10
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts

Configuration #3

		CPE23	From	Up To
	Linux Kernel 4.5.2 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 4.5.2

Weaknesses

Affected Products

Canonical

Linux

Oracle

Configuration #1

Configuration #2

Configuration #3