David S. Miller

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.5 **Description** The issue is related to the `llc cmsg rcv` function in the Linux kernel, which fails to initialize a certain data structure. This allows attackers to obtain sensitive information from kernel stack memory by reading a message. **Recommendations** For versions prior to 4.5.5, update to version 4.5.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.11.7 EosKernel-3.4 **Description** The issue allows attackers to cause a denial of service, resulting in an infinite loop and crash. This can be triggered remotely through the network by sending certain malformed packets, specifically IP packets with rarely used packet options. The exposure is specific to certain EOS releases that use the affected EosKernel-3.4. **Recommendations** For Linux kernel versions prior to 3.11.7, update to version 3.11.7 or later to resolve the issue. For EosKernel-3.4, follow the resolution steps documented in the relevant sections for the affected Arista EOS versions. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.9-rc7 **Description** The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the nr recvmsg function in net/netrom/af netrom.c not initializing a certain data structure, which can be exploited via a crafted recvmsg or recvfrom system call. **Recommendations** For Linux kernel versions prior to 3.9-rc7, update to version 3.9-rc7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.8.4 **Description** The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the failure of the net/dcb/dcbnl.c module in the Linux kernel to initialize certain structures, which can be exploited via a crafted application. **Recommendations** For versions prior to 3.8.4, update to version 3.8.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.9-rc7 **Description** The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the `caif seqpkt recvmsg` function in `net/caif/caif socket.c` not initializing a certain length variable, which can be exploited via a crafted `recvmsg` or `recvfrom` system call. Multiple vulnerabilities in the Linux operating system package may lead to disruption of confidentiality, integrity, and availability of protected information, potentially exploitable by a local attacker. **Recommendations** For Linux kernel versions prior to 3.9-rc7, update to version 3.9-rc7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `recvmsg` and `recvfrom` system calls to minimize the risk of exploitation.