High severity7.5NVD Advisory· Published Jun 27, 2016· Updated May 6, 2026

CVE-2016-5244

Description

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

Affected products

SUSE S.A./Linux Enterprise Debuginfo
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Software Development Kit2 versions
cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <=4.6.3
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Real Time Extension2 versions
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server3 versions
cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_server:11:extra:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Workstation Extension
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
SUSE S.A./Opensuse Leap
cpe:2.3:o:suse:opensuse_leap:42.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdPatch
github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbbnvdPatch
patchwork.ozlabs.org/patch/629110/nvdPatch
lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlnvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/06/03/5nvdMailing ListTechnical Description
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlnvd
www.debian.org/security/2016/dsa-3607nvd
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvd
www.securityfocus.com/bid/91021nvd
www.securitytracker.com/id/1041895nvd
www.ubuntu.com/usn/USN-3070-1nvd
www.ubuntu.com/usn/USN-3070-2nvd
www.ubuntu.com/usn/USN-3070-3nvd
www.ubuntu.com/usn/USN-3070-4nvd
www.ubuntu.com/usn/USN-3071-1nvd
www.ubuntu.com/usn/USN-3071-2nvd
www.ubuntu.com/usn/USN-3072-1nvd
www.ubuntu.com/usn/USN-3072-2nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000