CVE-2013-7263

medium

Description

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bceaa90240b6019ed73b49965eac7d167610be69

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://rhn.redhat.com/errata/RHSA-2014-0159.html

http://rhn.redhat.com/errata/RHSA-2014-0285.html

https://bugzilla.redhat.com/show_bug.cgi?id=1035875

http://seclists.org/oss-sec/2014/q1/29

http://secunia.com/advisories/55882

http://secunia.com/advisories/56036

https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4

http://www.openwall.com/lists/oss-security/2013/11/28/13

http://www.ubuntu.com/usn/USN-2107-1

http://www.ubuntu.com/usn/USN-2108-1

http://www.ubuntu.com/usn/USN-2109-1

http://www.ubuntu.com/usn/USN-2110-1

http://www.ubuntu.com/usn/USN-2113-1

http://www.ubuntu.com/usn/USN-2117-1

http://www.ubuntu.com/usn/USN-2135-1

http://www.ubuntu.com/usn/USN-2136-1

http://www.ubuntu.com/usn/USN-2138-1

http://www.ubuntu.com/usn/USN-2139-1

http://www.ubuntu.com/usn/USN-2141-1

Details

Source: Mitre, NVD

Published: 2014-01-06

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium