CVE-2013-7263

medium

Description

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.

References

https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69

https://bugzilla.redhat.com/show_bug.cgi?id=1035875

http://www.ubuntu.com/usn/USN-2141-1

http://www.ubuntu.com/usn/USN-2139-1

http://www.ubuntu.com/usn/USN-2138-1

http://www.ubuntu.com/usn/USN-2136-1

http://www.ubuntu.com/usn/USN-2135-1

http://www.ubuntu.com/usn/USN-2117-1

http://www.ubuntu.com/usn/USN-2113-1

http://www.ubuntu.com/usn/USN-2110-1

http://www.ubuntu.com/usn/USN-2109-1

http://www.ubuntu.com/usn/USN-2108-1

http://www.ubuntu.com/usn/USN-2107-1

http://www.openwall.com/lists/oss-security/2013/11/28/13

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4

http://secunia.com/advisories/56036

http://secunia.com/advisories/55882

http://seclists.org/oss-sec/2014/q1/29

http://rhn.redhat.com/errata/RHSA-2014-0285.html

http://rhn.redhat.com/errata/RHSA-2014-0159.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bceaa90240b6019ed73b49965eac7d167610be69

Details

Source: Mitre, NVD

Published: 2014-01-06

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium