The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://lkml.org/lkml/2013/6/3/128
http://www.openwall.com/lists/oss-security/2013/06/05/26
http://www.ubuntu.com/usn/USN-1929-1
OR
cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.9.4 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
76665 | RHEL 6 : MRG (RHSA-2013:1264) | Nessus | Red Hat Local Security Checks | high |
75184 | openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1) | Nessus | SuSE Local Security Checks | high |
74878 | openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1) | Nessus | SuSE Local Security Checks | high |
72472 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3002) | Nessus | Oracle Linux Local Security Checks | high |
70040 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283) | Nessus | SuSE Local Security Checks | high |
70039 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273) | Nessus | SuSE Local Security Checks | high |
69505 | Debian DSA-2745-1 : linux - privilege escalation/denial of service/information leak | Nessus | Debian Local Security Checks | high |
69419 | Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1936-1) | Nessus | Ubuntu Local Security Checks | high |
69418 | Ubuntu 13.04 : linux vulnerabilities (USN-1935-1) | Nessus | Ubuntu Local Security Checks | high |
69417 | Ubuntu 12.10 : linux vulnerabilities (USN-1932-1) | Nessus | Ubuntu Local Security Checks | high |
69416 | Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1931-1) | Nessus | Ubuntu Local Security Checks | high |
69415 | Ubuntu 12.04 LTS : linux vulnerability (USN-1929-1) | Nessus | Ubuntu Local Security Checks | low |
67351 | Fedora 17 : kernel-3.9.8-100.fc17 (2013-9123) | Nessus | Fedora Local Security Checks | high |
67285 | Fedora 18 : kernel-3.9.5-201.fc18 (2013-10695) | Nessus | Fedora Local Security Checks | high |
67284 | Fedora 19 : kernel-3.9.5-301.fc19 (2013-10689) | Nessus | Fedora Local Security Checks | medium |
67254 | Mandriva Linux Security Advisory : kernel (MDVSA-2013:194) | Nessus | Mandriva Local Security Checks | high |