PT-2013-1102 · Linux+1 · Linux Kernel+1

Mathias Krause · Published 2013-02-18 · Updated 2017-11-29 · CVE-2013-3076

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.9-rc8

Description

The issue concerns the crypto API in the Linux kernel, where certain length variables are not properly initialized. This allows local users to obtain sensitive information from kernel stack memory by using a specially crafted recvmsg or recvfrom system call. The problem is related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.

Recommendations

For Linux kernel versions prior to 3.9-rc8, consider updating to a version that includes the necessary fixes to prevent sensitive information disclosure. As a temporary workaround, restrict access to the recvmsg and recvfrom system calls to minimize the risk of exploitation. Additionally, consider disabling the hash_recvmsg and skcipher_recvmsg functions until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-03064
CVE-2013-3076
DSA-2669-1
RHSA-2013:0829
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:1174-1
USN-1837-1
USN-1849-1
USN-1878-1
USN-1879-1
USN-1880-1
USN-1881-1
USN-1882-1
USN-1883-1

Affected Products

Linux Kernel
Suse