Published: 22/04/2013 Updated: 07/11/2023

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

VMScore: 419

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel prior to 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
linux linux kernel 3.9

Synopsis Important: Red Hat Enterprise Linux 6 kernel update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red Hat Enter ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots us ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device A local user could use this to d ...

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3c in the Linux kernel before 386 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure Use-af ...

Several security issues were fixed in the kernel ...

The llc_ui_recvmsg function in net/llc/af_llcc in the Linux kernel before 39-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call ...

CWE-200 https://github.com/torvalds/linux/commit/c77a4b9cffb6215a15196ec499490d116dfad181 https://lkml.org/lkml/2013/4/14/107 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1645.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c77a4b9cffb6215a15196ec499490d116dfad181 https://access.redhat.com/errata/RHSA-2013:1645 https://nvd.nist.gov https://usn.ubuntu.com/1879-1/https://access.redhat.com/security/cve/cve-2013-3231 https://www.debian.org/security/./dsa-2668

Get Started

CVE-2013-3231

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect