Lucene search
HistoryApr 22, 2013 - 11:41 a.m.
CVE-2013-3237
cve-2013-3237
linux kernel
vsock_stream_sendmsg
net/vmw_vsock/af_vsock.c
information disclosure
vulnerability
nvd
5.6 Medium
AI Score
Confidence
Low
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | le | 3.9 |
Related
prion
prion
Design/Logic Flaw
2013-04-22 11:41:00
debiancve
debiancve
CVE-2013-3237
2013-04-22 11:41:00
ubuntucve
ubuntucve
CVE-2013-3237
2013-04-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1197)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1204)
2020-01-23 00:00:00
nessus
nessus
EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1197)
2019-04-09 00:00:00
EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1204)
2019-04-09 00:00:00
5.6 Medium
AI Score
Confidence
Low
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
Related for CVE-2013-3237