Uninitialized Structure Member Vulnerability in Linux Kernel's rds_inc_info_copy Function

Uninitialized Structure Member Vulnerability in Linux Kernel's rds_inc_info_copy Function

CVE-2016-5244 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.