CVE-2013-3076

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html

http://www.openwall.com/lists/oss-security/2013/04/14/3

http://www.ubuntu.com/usn/USN-1837-1

https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe

Details

Source: MITRE

Published: 2013-04-22

Updated: 2017-11-29

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
123890EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1204)NessusHuawei Local Security Checks
high
123883EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1197)NessusHuawei Local Security Checks
high
122201EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)NessusHuawei Local Security Checks
high
76660RHEL 6 : MRG (RHSA-2013:0829)NessusRed Hat Local Security Checks
high
68954SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 7991 / 7992 / 7994)NessusSuSE Local Security Checks
medium
66912SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7811 / 7813 / 7814)NessusSuSE Local Security Checks
medium
66904Ubuntu 12.10 : linux vulnerabilities (USN-1881-1)NessusUbuntu Local Security Checks
medium
66903Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1880-1)NessusUbuntu Local Security Checks
medium
66902Ubuntu 12.04 LTS : linux vulnerabilities (USN-1878-1)NessusUbuntu Local Security Checks
medium
66590Ubuntu 13.04 : linux vulnerabilities (USN-1837-1)NessusUbuntu Local Security Checks
medium
66486Debian DSA-2669-1 : linux - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
high
66310Fedora 17 : kernel-3.8.11-100.fc17 (2013-6999)NessusFedora Local Security Checks
medium
66248Fedora 18 : kernel-3.8.8-203.fc18 (2013-6537)NessusFedora Local Security Checks
medium