497812 – Kernel: net: Unitialized data read (CVE-2013-7263)

Bug 497812 - Kernel: net: Unitialized data read (CVE-2013-7263)

Summary: Kernel: net: Unitialized data read (CVE-2013-7263)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:	[ <3.12.4 ]
Keywords:

Depends on:
Blocks:

Reported:	2014-01-11 17:55 UTC by GLSAMaker/CVETool Bot
Modified:	2022-03-25 19:29 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2014-01-11 17:55:15 UTC

CVE-2013-7263 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7263):
  The Linux kernel before 3.12.4 updates certain length values before ensuring
  that associated data structures have been initialized, which allows local
  users to obtain sensitive information from kernel stack memory via a (1)
  recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to
  net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and
  net/ipv6/udp.c.

Comment 1 John Helmert III archtester

2022-03-25 19:29:32 UTC

Fix in 3.13: https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69