4.7

CVE-2013-3231

The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Updaterc6 Version <= 3.9
LinuxLinux Kernel Version3.9 Updaterc1
LinuxLinux Kernel Version3.9 Updaterc2
LinuxLinux Kernel Version3.9 Updaterc3
LinuxLinux Kernel Version3.9 Updaterc4
LinuxLinux Kernel Version3.9 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.278
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 3.4 6.9
AV:L/AC:M/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
http://rhn.redhat.com/errata/RHSA-2013-1645.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html
http://www.openwall.com/lists/oss-security/2013/04/14/3
http://www.ubuntu.com/usn/USN-1837-1
https://lkml.org/lkml/2013/4/14/107
Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c77a4b9cffb6215a15196ec499490d116dfad181
https://github.com/torvalds/linux/commit/c77a4b9cffb6215a15196ec499490d116dfad181
Vendor Advisory