Published: 22/04/2013 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel prior to 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
linux linux kernel 3.9

Several security issues were fixed in the kernel ...

The nr_recvmsg function in net/netrom/af_netromc in the Linux kernel before 39-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call ...

CWE-200 https://github.com/torvalds/linux/commit/3ce5efad47b62c57a4f5c54248347085a750ce0e http://www.openwall.com/lists/oss-security/2013/04/14/3 https://lkml.org/lkml/2013/4/14/107 https://github.com/torvalds/linux/commit/c802d759623acbd6e1ee9fbdabae89159a513913 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c802d759623acbd6e1ee9fbdabae89159a513913 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3ce5efad47b62c57a4f5c54248347085a750ce0e https://nvd.nist.gov https://usn.ubuntu.com/1879-1/https://access.redhat.com/security/cve/cve-2013-3232

CVE-2013-3232

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect