CVE-2012-3430
Published: 27 July 2012
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.
From the Ubuntu security team
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel.
Priority
Status
Notes
Author | Note |
---|---|
jdstrand | linux-armadaxp is maintained by OEM |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3430
- http://www.openwall.com/lists/oss-security/2012/07/26/3
- https://ubuntu.com/security/notices/USN-1567-1
- https://ubuntu.com/security/notices/USN-1568-1
- https://ubuntu.com/security/notices/USN-1572-1
- https://ubuntu.com/security/notices/USN-1573-1
- https://ubuntu.com/security/notices/USN-1574-1
- https://ubuntu.com/security/notices/USN-1575-1
- https://ubuntu.com/security/notices/USN-1260-1
- https://ubuntu.com/security/notices/USN-1577-1
- https://ubuntu.com/security/notices/USN-1578-1
- https://ubuntu.com/security/notices/USN-1579-1
- https://ubuntu.com/security/notices/USN-1580-1
- NVD
- Launchpad
- Debian