CVE-2013-3237
Published: 22 April 2013
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Notes
Author | Note |
---|---|
apw | set break commit to when VSOCK was introduced |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
upstream |
Released
(3.9~rc7)
|
|
Patches: Introduced by d021c344051af91f42c5ba9fdedc176740cbd238 |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Does not exist
|
|
upstream |
Released
(3.9~rc7)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
upstream |
Released
(3.9~rc7)
|
References
- https://lkml.org/lkml/2013/4/14/107
- https://github.com/torvalds/linux/commit/d5e0d0f607a7a029c6563a0470d88255c89a8d11
- http://www.openwall.com/lists/oss-security/2013/04/14/3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d5e0d0f607a7a029c6563a0470d88255c89a8d11
- https://www.cve.org/CVERecord?id=CVE-2013-3237
- NVD
- Launchpad
- Debian