Published: 22/04/2013 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel prior to 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
linux linux kernel 3.9

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots us ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device A local user could use this to d ...

The bt_sock_recvmsg function in net/bluetooth/af_bluetoothc in the Linux kernel before 39-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call The udf_encode_fh function in fs/udf/nameic in the Linux kerne ...

Several security issues were fixed in the kernel ...

The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sockc in the Linux kernel before 39-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call ...

CWE-200 https://lkml.org/lkml/2013/4/14/107 https://github.com/torvalds/linux/commit/e11e0455c0d7d3d62276a0c55d9dfbc16779d691 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://rhn.redhat.com/errata/RHSA-2013-1051.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e11e0455c0d7d3d62276a0c55d9dfbc16779d691 https://nvd.nist.gov https://www.debian.org/security/./dsa-2668 https://usn.ubuntu.com/1879-1/https://access.redhat.com/security/cve/cve-2013-3225

Get Started

CVE-2013-3225

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect