Veracode Vulnerability DatabaseVERACODE:13805Information Disclosure
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
kernel-rt is vulnerable to information disclosure. Local users are able to obtain confidential information from the kernel stack memory via recvfrom or recvmsgsystem call on an RDS socket. due to failure to initialize certain structure member in the rds_recvmsg function in net/rds/recv.c.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=06b6a1cf6e776426766298d055bb3991957d90a7
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7
rhn.redhat.com/errata/RHSA-2012-1323.html
secunia.com/advisories/50633
secunia.com/advisories/50732
secunia.com/advisories/50811
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44
www.openwall.com/lists/oss-security/2012/07/26/5
www.ubuntu.com/usn/USN-1567-1
www.ubuntu.com/usn/USN-1568-1
www.ubuntu.com/usn/USN-1572-1
www.ubuntu.com/usn/USN-1575-1
www.ubuntu.com/usn/USN-1577-1
www.ubuntu.com/usn/USN-1578-1
www.ubuntu.com/usn/USN-1579-1
www.ubuntu.com/usn/USN-1580-1
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1491
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=820039
bugzilla.redhat.com/show_bug.cgi?id=843130
bugzilla.redhat.com/show_bug.cgi?id=856243
bugzilla.redhat.com/show_bug.cgi?id=859226
bugzilla.redhat.com/show_bug.cgi?id=864568
github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7
rhn.redhat.com/errata/RHSA-2012-1491.html
www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
Related
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N