cvelistv5 - cve-2019-16714

CVE-2019-16714 (GCVE-0-2019-16714)

Vulnerability from cvelistv5

Published

2019-09-23 11:45

Modified

2024-08-05 01:17

Severity ?

CWE

Summary

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

References

URL

Tags

cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/09/24/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/09/25/1	Mailing List, Third Party Advisory
cve@mitre.org	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14	Mailing List, Vendor Advisory
cve@mitre.org	https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736	Patch, Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20191031-0005/	Third Party Advisory
cve@mitre.org	https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS
cve@mitre.org	https://usn.ubuntu.com/4157-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4157-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/09/24/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/09/25/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20191031-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4157-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4157-2/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:17:41.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
          },
          {
            "name": "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
          },
          {
            "name": "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "USN-4157-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4157-1/"
          },
          {
            "name": "USN-4157-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4157-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-31T08:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
        },
        {
          "name": "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
        },
        {
          "name": "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "USN-4157-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4157-1/"
        },
        {
          "name": "USN-4157-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4157-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16714",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
            },
            {
              "name": "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
            },
            {
              "name": "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
            },
            {
              "name": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "USN-4157-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4157-1/"
            },
            {
              "name": "USN-4157-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4157-2/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16714",
    "datePublished": "2019-09-23T11:45:20",
    "dateReserved": "2019-09-23T00:00:00",
    "dateUpdated": "2024-08-05T01:17:41.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-16714\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-09-23T12:15:10.847\",\"lastModified\":\"2024-11-21T04:31:02.567\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux versiones anteriores a 5.2.14, la funci\u00f3n rds6_inc_info_copy en el archivo net/rds/recv.c permite a atacantes obtener informaci\u00f3n confidencial de la memoria de la pila del kernel porque los campos tos y flags no est\u00e1n inicializados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-909\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.14\",\"matchCriteriaId\":\"E0C02F8E-5352-428C-AF29-EEC37F1C9FC9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.1.0\",\"matchCriteriaId\":\"4E52F91D-3F39-4D89-8069-EC422FB1F700\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2019/09/24/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/09/25/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191031-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4157-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4157-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/09/24/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/09/25/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191031-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4157-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4157-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

cnvd-2019-38261

Vulnerability from cnvd

Title

Linux kernel信息泄露漏洞（CNVD-2019-38261）

Description

Linux kernel是一种计算机操作系统内核，以C语言和汇编语言写成，符合POSIX标准，按GNU通用公共许可证发行。 Linux kernel 5.2.14之前版本存在信息泄露漏洞。该漏洞源于tos和flags字段未初始化。攻击者可利用该漏洞从内核栈内存中获取敏感信息。

Severity

中

Patch Name

Linux kernel信息泄露漏洞（CNVD-2019-38261）的补丁

Patch Description

Linux kernel是一种计算机操作系统内核，以C语言和汇编语言写成，符合POSIX标准，按GNU通用公共许可证发行。 Linux kernel 5.2.14之前版本存在信息泄露漏洞。该漏洞源于tos和flags字段未初始化。攻击者可利用该漏洞从内核栈内存中获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-16714

Impacted products

Name
Linux Linux kernel <5.2.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-16714",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-16714"
    }
  },
  "description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\n\nLinux kernel 5.2.14\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8etos\u548cflags\u5b57\u6bb5\u672a\u521d\u59cb\u5316\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u5185\u6838\u6808\u5185\u5b58\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-38261",
  "openTime": "2019-10-30",
  "patchDescription": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\r\n\r\nLinux kernel 5.2.14\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8etos\u548cflags\u5b57\u6bb5\u672a\u521d\u59cb\u5316\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u5185\u6838\u6808\u5185\u5b58\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-38261\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Linux kernel \u003c5.2.14"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-16714",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-24",
  "title": "Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-38261\uff09"
}

gsd-2019-16714

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

Aliases

CVE-2019-16714

Aliases

CVE-2019-16714

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-16714",
    "description": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.",
    "id": "GSD-2019-16714",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-16714.html",
      "https://ubuntu.com/security/CVE-2019-16714",
      "https://advisories.mageia.org/CVE-2019-16714.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-16714"
      ],
      "details": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.",
      "id": "GSD-2019-16714",
      "modified": "2023-12-13T01:23:40.891101Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-16714",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736",
            "refsource": "MISC",
            "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
          },
          {
            "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14",
            "refsource": "MISC",
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
          },
          {
            "name": "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
          },
          {
            "name": "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
          },
          {
            "name": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp;utm_medium=RSS",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp;utm_medium=RSS"
          },
          {
            "name": "USN-4157-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4157-1/"
          },
          {
            "name": "USN-4157-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4157-2/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.0",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16714"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-909"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
            },
            {
              "name": "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
            },
            {
              "name": "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
            },
            {
              "name": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "USN-4157-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4157-1/"
            },
            {
              "name": "USN-4157-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4157-2/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-03-31T17:45Z",
      "publishedDate": "2019-09-23T12:15Z"
    }
  }
}

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ubuntu	Ubuntu	Ubuntu 19.04

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4157-1 du 17 octobre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 19.04",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-15505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
    },
    {
      "name": "CVE-2019-16714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16714"
    },
    {
      "name": "CVE-2019-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
    },
    {
      "name": "CVE-2019-15504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15504"
    },
    {
      "name": "CVE-2019-14814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14814"
    },
    {
      "name": "CVE-2019-14815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14815"
    },
    {
      "name": "CVE-2019-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2181"
    },
    {
      "name": "CVE-2019-14816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
    },
    {
      "name": "CVE-2019-15902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15902"
    }
  ],
  "initial_release_date": "2019-10-17T00:00:00",
  "last_revision_date": "2019-10-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-518",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4157-1 du 17 octobre 2019",
      "url": "https://usn.ubuntu.com/4157-1/"
    }
  ]
}

CERTFR-2019-AVI-527

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 19.10
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4157-2 du 22 octobre 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4163-2 du 23 octobre 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4162-2 du 23 octobre 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4163-1 du 22 octobre 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4162-1 du 22 octobre 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-4161-1 du 22 octobre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 19.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-15505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
    },
    {
      "name": "CVE-2019-16714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16714"
    },
    {
      "name": "CVE-2019-15118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15118"
    },
    {
      "name": "CVE-2019-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
    },
    {
      "name": "CVE-2019-15918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15918"
    },
    {
      "name": "CVE-2019-15504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15504"
    },
    {
      "name": "CVE-2016-10906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10906"
    },
    {
      "name": "CVE-2017-18232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18232"
    },
    {
      "name": "CVE-2019-14814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14814"
    },
    {
      "name": "CVE-2019-14815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14815"
    },
    {
      "name": "CVE-2018-21008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-21008"
    },
    {
      "name": "CVE-2019-18198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18198"
    },
    {
      "name": "CVE-2019-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2181"
    },
    {
      "name": "CVE-2019-14816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
    },
    {
      "name": "CVE-2019-15902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15902"
    },
    {
      "name": "CVE-2019-15117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15117"
    }
  ],
  "initial_release_date": "2019-10-22T00:00:00",
  "last_revision_date": "2019-10-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-527",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-22T00:00:00.000000"
    },
    {
      "description": "Ajout des bulletins de s\u00e9curit\u00e9 Ubuntu USN-4162-2 et USN-4163-2 du 23 octobre 2019",
      "revision_date": "2019-10-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4157-2 du 22 octobre 2019",
      "url": "https://usn.ubuntu.com/4157-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4163-2 du 23 octobre 2019",
      "url": "https://usn.ubuntu.com/4163-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4162-2 du 23 octobre 2019",
      "url": "https://usn.ubuntu.com/4162-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4163-1 du 22 octobre 2019",
      "url": "https://usn.ubuntu.com/4163-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4162-1 du 22 octobre 2019",
      "url": "https://usn.ubuntu.com/4162-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4161-1 du 22 octobre 2019",
      "url": "https://usn.ubuntu.com/4161-1/"
    }
  ]
}

fkie_cve-2019-16714

Vulnerability from fkie_nvd

Published

2019-09-23 12:15

Modified

2024-11-21 04:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/09/24/2	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2019/09/25/1	Mailing List, Third Party Advisory
cve@mitre.org	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14	Mailing List, Vendor Advisory
cve@mitre.org	https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736	Patch, Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20191031-0005/	Third Party Advisory
cve@mitre.org	https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS
cve@mitre.org	https://usn.ubuntu.com/4157-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4157-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/09/24/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/09/25/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20191031-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4157-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4157-2/	Third Party Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04
f5	traffix_signaling_delivery_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C02F8E-5352-428C-AF29-EEC37F1C9FC9",
              "versionEndExcluding": "5.2.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
              "versionEndIncluding": "5.1.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux versiones anteriores a 5.2.14, la funci\u00f3n rds6_inc_info_copy en el archivo net/rds/recv.c permite a atacantes obtener informaci\u00f3n confidencial de la memoria de la pila del kernel porque los campos tos y flags no est\u00e1n inicializados."
    }
  ],
  "id": "CVE-2019-16714",
  "lastModified": "2024-11-21T04:31:02.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-23T12:15:10.847",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4157-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4157-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4157-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4157-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-909"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-pv85-r7p2-8r62

Vulnerability from github

Published

2022-05-24 22:00

Modified

2022-05-24 22:00

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-16714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-23T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.",
  "id": "GHSA-pv85-r7p2-8r62",
  "modified": "2022-05-24T22:00:42Z",
  "published": "2022-05-24T22:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16714"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191031-0005"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K48351130?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4157-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4157-2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/09/24/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/09/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-16714 (GCVE-0-2019-16714)

Vulnerability from cvelistv5

cnvd-2019-38261

Vulnerability from cnvd

gsd-2019-16714

Vulnerability from gsd

CERTFR-2019-AVI-518

Vulnerability from certfr_avis

Solution

CERTFR-2019-AVI-527

Vulnerability from certfr_avis

Solution

fkie_cve-2019-16714

Vulnerability from fkie_nvd

ghsa-pv85-r7p2-8r62

Vulnerability from github

Tags

Sightings

Nomenclature