CVE-2013-3227 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3227): The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Fix in 3.8.11 onwards