Detections
Analytics
CVE-2013-7263
medium
Description
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
References
https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69
https://bugzilla.redhat.com/show_bug.cgi?id=1035875
http://www.ubuntu.com/usn/USN-2141-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2108-1
http://www.ubuntu.com/usn/USN-2107-1
http://www.openwall.com/lists/oss-security/2013/11/28/13
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
http://secunia.com/advisories/56036
http://secunia.com/advisories/55882
http://seclists.org/oss-sec/2014/q1/29
http://rhn.redhat.com/errata/RHSA-2014-0285.html
http://rhn.redhat.com/errata/RHSA-2014-0159.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html