{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-20T00:00:00", "descriptions": [{"lang": "en", "value": "net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-05T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2013:1187", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}, {"name": "USN-1812-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1812-1"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "USN-1829-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"name": "RHSA-2013:1051", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"}, {"name": "USN-1809-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1809-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}, {"name": "USN-1814-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1814-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923652"}, {"name": "openSUSE-SU-2013:1971", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"name": "USN-1813-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1813-1"}, {"name": "[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/03/20/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"}, {"name": "USN-1811-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1811-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2634", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2013:1187", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=29cd8ae0e1a39e239a3a7b67da1986add1199fc0", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}, {"name": "USN-1812-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1812-1"}, {"name": "MDVSA-2013:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "USN-1829-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"name": "RHSA-2013:1051", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"}, {"name": "USN-1809-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1809-1"}, {"name": "https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}, {"name": "USN-1814-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1814-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=923652", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923652"}, {"name": "openSUSE-SU-2013:1971", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"name": "USN-1813-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1813-1"}, {"name": "[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/03/20/1"}, {"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"}, {"name": "USN-1811-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1811-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:32.612Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:1187", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}, {"name": "USN-1812-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1812-1"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "USN-1829-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"name": "RHSA-2013:1051", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"}, {"name": "USN-1809-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1809-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}, {"name": "USN-1814-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1814-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923652"}, {"name": "openSUSE-SU-2013:1971", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"name": "USN-1813-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1813-1"}, {"name": "[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/03/20/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"}, {"name": "USN-1811-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1811-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2634", "datePublished": "2013-03-22T10:00:00", "dateReserved": "2013-03-21T00:00:00", "dateUpdated": "2024-08-06T15:44:32.612Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A40E2A8-BBC3-4763-B150-9193F30E9DF0", "versionEndIncluding": "3.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27ADC356-6BE9-43A3-9E0B-393DC4B1559A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application."}, {"lang": "es", "value": "net/dcb/dcbnl.c en el kernel de Linux anterior a v3.8.4 no inicializa determinadas estructuras, lo que permite a atacantes locales obtener informaci\u00f3n sensible desde la pila del kernel mediante una aplicaci\u00f3n especialmente dise\u00f1ada."}], "id": "CVE-2013-2634", "lastModified": "2023-11-07T02:15:05.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-22T11:59:11.973", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"}, {"source": "cve@mitre.org", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/03/20/1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1809-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1811-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1812-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1813-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1814-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1829-1"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923652"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1080", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "kernel-0:2.6.32-358.114.1.openstack.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2013-07-16T00:00:00Z"}, {"advisory": "RHSA-2013:1051", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-358.14.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-07-16T00:00:00Z"}, {"advisory": "RHSA-2013:0829", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.6.11.2-rt33.39.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-05-20T00:00:00Z"}], "bugzilla": {"description": "kernel: Information leak in the Data Center Bridging (DCB) component", "id": "924689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924689"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application."], "name": "CVE-2013-2634", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-03-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2634\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2634"], "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.", "threat_severity": "Low"}