CVE-2016-4482
CVSS v3.0
6.2 (Medium)
CVSS v2.0
2.1 (Low)
EPSS
0.13 % (50th)
Affected Products
11
Advisories
28
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
Weaknesses
- CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2016-05-23 10:59:00
(8 years ago) - Updated Date
-
2023-09-12 14:55:31
(12 months ago)
Affected Products
- Suse Linux Enterprise Software Development Kit
- Suse Linux Enterprise Debuginfo
- Suse Linux Enterprise Desktop
- Suse Linux Enterprise Live Patching
- Suse Linux Enterprise Module For Public Cloud
- Suse Linux Enterprise Real Time Extension
- Suse Linux Enterprise Server
- Suse Linux Enterprise Workstation Extension
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...