1. Home
  2. Vulnerabilities
  3. CVE-2019-16714

CVE-2019-16714

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.87 % (83th)
0.87% Progress
Affected Products 3
Advisories 2
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

Weaknesses
CWE-909
Missing Initialization of Resource
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2019-09-23 12:15:10
(5 years ago)
Updated Date
2023-11-07 03:05:42
(10 months ago)

Affected Products

Canonical

F5

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 5.2.14 version cpe:2.3:o:linux:linux_kernel < 5.2.14

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #3

    CPE23 From Up To
  F5 Traffix Signaling Delivery Controller from 5.0.0 version and 5.1.0 and prior versions cpe:2.3:a:f5:traffix_signaling_delivery_controller >= 5.0.0 <= 5.1.0