CVE-2019-16714

HIGH

Linux kernel <5.2.14 - Info Disclosure

Title source: llm

Description

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

References (8)

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736

View Patch ZIP pw:eip

[Mailing List, Vendor Advisory] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/09/24/2

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/09/25/1

[Vendor Advisory] https://support.f5.com/csp/article/K48351130?utm_source=f5support&amp%3Butm_medium=RSS

[Third Party Advisory] https://usn.ubuntu.com/4157-1/

[Third Party Advisory] https://usn.ubuntu.com/4157-2/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20191031-0005/

Scores

CVSS v3 7.5

EPSS 0.0112

EPSS Percentile 78.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-909

Status published

Products (4)

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.04

f5/traffix_signaling_delivery_controller 5.0.0 - 5.1.0

linux/linux_kernel < 5.2.14

Published Sep 23, 2019

Tracked Since Feb 18, 2026