CVE-2013-3228

Name of the Vulnerable Software and Affected Versions Debian GNU/Linux (affected versions not specified) Linux kernel versions prior to 3.9-rc7

Description The issue concerns multiple vulnerabilities in the Linux package of the Debian GNU/Linux operating system, which can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. A specific vulnerability in the Linux kernel involves the irda recvmsg dgram function in net/irda/af irda.c, where a length variable is not properly initialized, allowing local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Recommendations For Linux kernel versions prior to 3.9-rc7, update to version 3.9-rc7 or later to resolve the issue. As a temporary workaround, consider restricting access to the irda recvmsg dgram function in net/irda/af irda.c to minimize the risk of exploitation.