Your submission was sent successfully! Close

CVE-2013-3236

Published: 22 April 2013

The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
Patches:
Introduced by d021c344051af91f42c5ba9fdedc176740cbd238
Fixed by 680d04e0ba7e926233e3b9cee59125ce181f66ba
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
This package is not directly supported by the Ubuntu Security Team
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-linaro-omap
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-linaro-shared
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-linaro-vexpress
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-qcm-msm
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.9~rc7)