Linux Kernel 'net/packet/af_packet.c' local message leakage Vulnerability

Release date:
Updated on:

Affected Systems:
Linux kernel <3.12.4
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64744
CVE (CAN) ID: CVE-2013-7270

Linux Kernel is the Kernel of the Linux operating system.

In versions earlier than Linux kernel 3.12.4, the function packet_recvmsg in net/packet/af_packet.c does not ensure that some length values are updated if related data results are initialized. This allows local users to use recvfrom, the recvmmsg and recvmsg systems call to obtain sensitive information about the kernel memory.

<* Source: Hannes Frederic Sowa
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.kernel.org/

Http://git.kernel.org /? P = linux/kernel/git/torvalds/linux-2.6.git; a = commit; h = f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
CONFIRM: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
Https://bugzilla.redhat.com/show_bug.cgi? Id = 1039845
Https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c

Linux Kernel: click here
Linux Kernel: click here

The Linux kernel replaces iptables with nftables

Linux 3.12 code Suicidal Squirrel

How to install Linux 3.11 Kernel on Ubuntu

The Ubuntu 13.10 (Saucy Salamander) Kernel has been upgraded to Linux Kernel 3.10 RC5

Linux Kernel 3.4.62 LTS is now available for download

How to install Linux kernel 13.10 On Ubuntu 3.12