Linux : Security Vulnerabilities, CVEs, Published In 2013 (Information Leak)
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
Max CVSS
6.0
EPSS Score
0.28%
Published
2013-10-24
Updated
2019-04-22
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2014-01-04
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2014-01-04
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2014-01-04
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2021-08-09
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-04-22
Updated
2013-04-22
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-11-12
Updated
2023-02-13
The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-11-12
Updated
2023-02-13
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
Max CVSS
4.7
EPSS Score
0.04%
Published
2013-04-29
Updated
2023-02-13
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Max CVSS
4.7
EPSS Score
0.04%
Published
2013-04-22
Updated
2017-11-29
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
Max CVSS
2.1
EPSS Score
0.05%
Published
2013-02-18
Updated
2023-02-13
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-03-15
Updated
2013-03-18
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
Max CVSS
2.1
EPSS Score
0.05%
Published
2013-02-18
Updated
2017-11-29
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-07-04
Updated
2021-07-15