Unrated severityNVD Advisory· Published Apr 22, 2013· Updated Jun 16, 2026
CVE-2013-3237
CVE-2013-3237
Description
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:rc6:*:*:*:*:*:*range: <=3.9
- (no CPE)range: <3.9-rc7
Patches
Vulnerability mechanics
References
4- github.com/torvalds/linux/commit/d5e0d0f607a7a029c6563a0470d88255c89a8d11nvdVendor Advisory
- lkml.org/lkml/2013/4/14/107nvdVendor Advisory
- git.kernel.orgnvd
- www.openwall.com/lists/oss-security/2013/04/14/3nvd
News mentions
0No linked articles in our index yet.