CVE-2013-7268
https://notcve.org/view.php?id=CVE-2013-7268
The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. La función ipx_recvmsg en net/ipx/af_ipx.c en el kernel Linux anterior a 3.12.4 actualiza cierto valor de longitud sin asegurarde de que una estructura de datos asociada ha sido inicializada, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una llamda de sistema (1) recvfrom, (2) recvmmsg o (3) recvmsg. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c http://secunia.com/advisories/55882 http://secunia.com/advisories/56036 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4 http://www.openwall.com/lists/oss-security/2013/12/31/7 http://www.ubuntu.com/usn/USN-2109-1 http://www.ubuntu.com/usn/USN-2110-1 http://www.ubuntu.com/usn/USN-2113-1 http://www.ubuntu.com/usn/USN-211 • CWE-20: Improper Input Validation •
CVE-2013-7270 – Kernel: net: information leak in recvmsg handler msg_name & msg_namelen logic
https://notcve.org/view.php?id=CVE-2013-7270
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. la función packet_recvmsg en net/packet/af_packet.c en el kernel Linux anteriores a 3.12.4 actualiza cierto valor de longitud antes de asegurarse de si una estructura de datos asociada se ha inicializado, lo que permite a usuarios locales obtener información sencsible, de la memoria del kernel a través de una llamada de sistema (1) recvfrom, (2) recvmmsg, o (3) recvmsg. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c http://secunia.com/advisories/55882 http://secunia.com/advisories/56036 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4 http://www.openwall.com/lists/oss-security/2013/12/31/7 http://www.securityfocus.com/bid/64744 http://www.ubuntu.com/usn/USN-2109-1 http://www.ubuntu.com/usn/USN-2110-1 http://www.ubuntu.com/usn/USN-2113- • CWE-20: Improper Input Validation •
CVE-2013-7263 – Kernel: net: leakage of uninitialized memory to user-space via recv syscalls
https://notcve.org/view.php?id=CVE-2013-7263
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. El kernel Linux anterior a 3.12.4 actualiza cierto valor de longitud antes de asegurarse de si una estructura de datos asociada se ha inicializado, lo que permite a usuarios locales obtener información sensible de la pila de memoria del kernel a través de una llamada de sistema (1) recvfrom, (2) recvmmsg o (3) recvmsg, relacionado con net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c y et/ipv6/udp.c • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bceaa90240b6019ed73b49965eac7d167610be69 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.red • CWE-20: Improper Input Validation •
CVE-2013-7264
https://notcve.org/view.php?id=CVE-2013-7264
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. La función l2tp_ip_recvmsg en net/l2tp/l2tp_ip.c en el kernel Linux 3.12.4 actualiza ciertos valores de longitud antes de asegurarse de que una estructura de datos asociada ha sido inicializada, lo que permite a usuario locales obtener información sensible de la pila de memoria del kernel a través de una llamada de sistema (1) recvfrom, (2) recvmmsg o (3) recvmsg. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bceaa90240b6019ed73b49965eac7d167610be69 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html http://seclists.org/oss-sec/2014/q1/29 http://secunia.com/advisories/55882 http://secunia.com/advisories/56036 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4 http://www.openwall.com/lists/oss-security/2013/11/28/13 http://www.ubuntu.com/usn/USN-2107-1 http: • CWE-20: Improper Input Validation •
CVE-2013-7271
https://notcve.org/view.php?id=CVE-2013-7271
The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. La función x25_recvmsg en net/x25/af_x25.c en el kernel Linux anteriores a 3.12.4 actualiza cierto valor de longitud sin asegurarse que una estructura de datos asociada fué inicializada, lo que permite a usuarios locales obtener información sensible de la memoria dle kernel a través de una llamada de sistema (1) recvfrom, (2) recvmmsg o (3) recvmsg • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c http://secunia.com/advisories/55882 http://secunia.com/advisories/56036 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4 http://www.openwall.com/lists/oss-security/2013/12/31/7 http://www.securityfocus.com/bid/64746 http://www.ubuntu.com/usn/USN-2109-1 http://www.ubuntu.com/usn/USN-2110-1 http://www.ubuntu.com/usn/USN-2113- • CWE-20: Improper Input Validation •