CVE-2013-3237

描述

The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

受影響套件(1)

• Debian/open-vm-toolsfrom 0, < 2:9.2.2-893683-8

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-3237