CVE-2012-3430

Linux Kernel < 3.0.44 - Information Exposure via Uninitialized Structure in RDS recvmsg

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3430. PoCs published by Jay Fenlason.

AI-analyzed exploit summary This exploit demonstrates a local information disclosure vulnerability in the Linux kernel's RDS (Reliable Datagram Sockets) implementation. By manipulating the `msg.msg_namelen` field in `recvmsg()`, the code triggers a kernel memory leak, overwriting adjacent stack memory.

Description

The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jay Fenlason · clocallinux

https://www.exploit-db.com/exploits/37543

View Code ZIP pw:eip

This exploit demonstrates a local information disclosure vulnerability in the Linux kernel's RDS (Reliable Datagram Sockets) implementation. By manipulating the `msg.msg_namelen` field in `recvmsg()`, the code triggers a kernel memory leak, overwriting adjacent stack memory.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2012-3430)

No auth needed

Prerequisites: Local access to the target system · RDS module loaded in the kernel

MITRE ATT&CK

T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Patch x_refsource_confirm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=06b6a1cf6e776426766298d055bb3991957d90a7

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-1323.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1572-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1579-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1578-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1567-1

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=820039

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1577-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50732

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50811

Vendor Advisory x_refsource_confirm

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44

Various Sources vendor-advisory x_refsource_suse

https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1568-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1575-1

Exploit x_refsource_confirm

https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7

View Exploit ZIP pw:eip

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50633

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1580-1

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/07/26/5

Scores

EPSS 0.0095

EPSS Percentile 56.5%

Details

CWE

CWE-200

Status published

Products (43)

linux/linux_kernel 3.0.1

linux/linux_kernel 3.0.2

linux/linux_kernel 3.0.3

linux/linux_kernel 3.0.4

linux/linux_kernel 3.0.5

linux/linux_kernel 3.0.6

linux/linux_kernel 3.0.7

linux/linux_kernel 3.0.8

linux/linux_kernel 3.0.9

linux/linux_kernel 3.0.10

... and 33 more

Published Oct 03, 2012

Tracked Since Feb 18, 2026