Published: 22/04/2013 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel prior to 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
linux linux kernel 3.9

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots us ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device A local user could use this to d ...

Several security issues were fixed in the kernel ...

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3c in the Linux kernel before 386 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure Use-af ...

The bt_sock_recvmsg function in net/bluetooth/af_bluetoothc in the Linux kernel before 39-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call The udf_encode_fh function in fs/udf/nameic in the Linux kerne ...

CWE-200 http://www.openwall.com/lists/oss-security/2013/04/14/3 https://lkml.org/lkml/2013/4/14/107 https://github.com/torvalds/linux/commit/4683f42fde3977bdb4e8a09622788cc8b5313778 http://www.ubuntu.com/usn/USN-1837-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1051.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4683f42fde3977bdb4e8a09622788cc8b5313778 https://nvd.nist.gov https://www.debian.org/security/./dsa-2668 https://usn.ubuntu.com/1879-1/https://access.redhat.com/security/cve/cve-2013-3224

Get Started

CVE-2013-3224

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect