CVE-2013-3227
https://notcve.org/view.php?id=CVE-2013-3227
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función caif_seqpkt_recvmsg en net/caif/caif_socket.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2d6fbfe733f35c6b355c216644e08e149c61b271 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3222 – Kernel: atm: update msg_namelen in vcc_recvmsg()
https://notcve.org/view.php?id=CVE-2013-3222
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función vcc_recvmsg en net/atm/common.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9b3e617f3df53822345a8573b6d358f6b9e5ed87 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redha • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3235 – Kernel: tipc: info leaks via msg_name in recv_msg/recv_stream
https://notcve.org/view.php?id=CVE-2013-3235
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. net/tipc/socket.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=60085c3d009b0df252547adb336d1ccca5ce52ec http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3231 – Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg
https://notcve.org/view.php?id=CVE-2013-3231
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función llc_ui_recvmsg en net/llc/af_llc.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c77a4b9cffb6215a15196ec499490d116dfad181 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redha • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3229
https://notcve.org/view.php?id=CVE-2013-3229
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función iucv_sock_recvmsg en net/iucv/af_iucv.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5598bd9c087dc0efc250a5221e5d0e6f584ee88 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •