Lucene search

K

Ubuntu.comUB:CVE-2013-3237

HistoryApr 22, 2013 - 12:00 a.m.

CVE-2013-3237

2013-04-2200:00:00

ubuntu.com

ubuntu.com

6

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux
kernel before 3.9-rc7 does not initialize a certain length variable, which
allows local users to obtain sensitive information from kernel stack memory
via a crafted recvmsg or recvfrom system call.

Bugs

<https://launchpad.net/bugs/1172416>

Notes

Author	Note
apw	set break commit to when VSOCK was introduced

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d5e0d0f607a7a029c6563a0470d88255c89a8d11

www.openwall.com/lists/oss-security/2013/04/14/3

github.com/torvalds/linux/commit/d5e0d0f607a7a029c6563a0470d88255c89a8d11

launchpad.net/bugs/cve/CVE-2013-3237

lkml.org/lkml/2013/4/14/107

nvd.nist.gov/vuln/detail/CVE-2013-3237

security-tracker.debian.org/tracker/CVE-2013-3237

www.cve.org/CVERecord?id=CVE-2013-3237

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

Related for UB:CVE-2013-3237

cve1 prion1 debiancve1 openvas2 nessus2