Published: 22/04/2013 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel prior to 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
linux linux kernel 3.9

Several security issues were fixed in the kernel ...

The llcp_sock_recvmsg function in net/nfc/llcp/sockc in the Linux kernel before 39-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call ...

CWE-200 http://www.openwall.com/lists/oss-security/2013/04/14/3 https://lkml.org/lkml/2013/4/14/107 https://github.com/torvalds/linux/commit/d26d6504f23e803824e8ebd14e52d4fc0a0b09cb http://www.ubuntu.com/usn/USN-1837-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d26d6504f23e803824e8ebd14e52d4fc0a0b09cb https://nvd.nist.gov https://usn.ubuntu.com/1882-1/https://access.redhat.com/security/cve/cve-2013-3233

CVE-2013-3233

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect