CVE-2013-7270

Published: 06 January 2014

The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

From the Ubuntu security team

An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory.

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
• https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
• https://bugzilla.redhat.com/show_bug.cgi?id=1039845
• http://www.openwall.com/lists/oss-security/2013/12/31/7
• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
• https://ubuntu.com/security/notices/USN-2109-1
• https://ubuntu.com/security/notices/USN-2110-1
• https://ubuntu.com/security/notices/USN-2113-1
• https://ubuntu.com/security/notices/USN-2117-1
• https://ubuntu.com/security/notices/USN-2128-1
• https://ubuntu.com/security/notices/USN-2129-1
• https://ubuntu.com/security/notices/USN-2135-1
• https://ubuntu.com/security/notices/USN-2136-1
• https://ubuntu.com/security/notices/USN-2138-1
• https://ubuntu.com/security/notices/USN-2139-1
• https://ubuntu.com/security/notices/USN-2141-1
• NVD
• Launchpad
• Debian

Bugs

• https://launchpad.net/bugs/1267087