CVE-2013-3237
EPSS 0.07%Published: 4/22/2013Modified: 4/28/2026
Description
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Affected packages (1)
- Debian/open-vm-toolsfrom 0, < 2:9.2.2-893683-8