Ubuntu.comUB:CVE-2019-16714CVE-2019-16714
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
84.3%
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c
allows attackers to obtain sensitive information from kernel stack memory
because tos and flags fields are not initialized.
Notes
| Author | Note |
|---|---|
| tyhicks | This is a local info leak that is only reachable by calling the getsockopt(2) system call on an IPv6 RDS socket. By default, the rds.ko module is blacklisted in Ubuntu 14.04 LTS and newer releases. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 19.04 | noarch | linux | <Â 5.0.0-32.34 | UNKNOWN |
| ubuntu | 19.04 | noarch | linux-aws | <Â 5.0.0-1019.21 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-azure | <Â 5.0.0-1023.24~18.04.1 | UNKNOWN |
| ubuntu | 19.04 | noarch | linux-azure | <Â 5.0.0-1023.24 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-azure-edge | <Â 5.0.0-1023.24~18.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-gcp | <Â 5.0.0-1021.21~18.04.1 | UNKNOWN |
| ubuntu | 19.04 | noarch | linux-gcp | <Â 5.0.0-1021.21 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-gcp-edge | <Â 5.0.0-1021.21~18.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-gke-5.0 | <Â 5.0.0-1023.23~18.04.2 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-hwe | <Â 5.0.0-32.34~18.04.2 | UNKNOWN |
References
git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
launchpad.net/bugs/cve/CVE-2019-16714
nvd.nist.gov/vuln/detail/CVE-2019-16714
security-tracker.debian.org/tracker/CVE-2019-16714
ubuntu.com/security/notices/USN-4157-1
ubuntu.com/security/notices/USN-4157-2
www.cve.org/CVERecord?id=CVE-2019-16714
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
84.3%