CVE-2019-16714

moderate-risk
Published 2019-09-23

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Linux F5 Canonical

References (16)

Mailing List http://www.openwall.com/lists/oss-security/2019/09/24/2
Mailing List http://www.openwall.com/lists/oss-security/2019/09/25/1
Mailing List https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14
Patch https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea73...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191031-0005/
https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medi...
Third Party Advisory https://usn.ubuntu.com/4157-1/
Third Party Advisory https://usn.ubuntu.com/4157-2/
Mailing List http://www.openwall.com/lists/oss-security/2019/09/24/2
Mailing List http://www.openwall.com/lists/oss-security/2019/09/25/1
Mailing List https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14
Patch https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea73...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191031-0005/
https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medi...
Third Party Advisory https://usn.ubuntu.com/4157-1/
Third Party Advisory https://usn.ubuntu.com/4157-2/
39
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 10/34 · Low