CVE-2013-7263

Linux kernel <3.12.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.

References (26)

Core 26
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0159.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0285.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2135-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2138-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2108-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2113-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2141-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2110-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2136-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2139-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2117-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56036
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2109-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2107-1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/11/28/13
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55882
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/29
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1035875

Scores

EPSS 0.0048
EPSS Percentile 38.1%

Details

CWE
CWE-20
Status published
Products (44)
linux/linux_kernel 3.0 rc1 (7 CPE variants)
linux/linux_kernel 3.0.1
linux/linux_kernel 3.0.2
linux/linux_kernel 3.0.3
linux/linux_kernel 3.0.4
linux/linux_kernel 3.0.5
linux/linux_kernel 3.0.6
linux/linux_kernel 3.0.7
linux/linux_kernel 3.0.8
linux/linux_kernel 3.0.9
... and 34 more
Published Jan 06, 2014
Tracked Since Feb 18, 2026