Jay Fenlason

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.0.44 **Description** The issue is related to the `rds recvmsg` function in the Linux kernel, which does not initialize a certain structure member. This allows local users to obtain potentially sensitive information from kernel stack memory via a `(1) recvfrom` or `(2) recvmsg` system call on an RDS socket. **Recommendations** For Linux kernel versions prior to 3.0.44, update to version 3.0.44 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** openSUSE kernel-ps3-debuginfo versions (affected versions not specified) openSUSE kernel-ps3-debugsource versions (affected versions not specified) Linux kernel versions prior to 2.6.32-git9 **Description** The issue affects the Linux kernel and openSUSE operating system, involving multiple vulnerabilities in the kernel-ps3-debuginfo and kernel-ps3-debugsource packages. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. In the Linux kernel, a local user can cause a denial of service or possibly have other unknown impacts via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field in drivers/firewire/ohci.c when packet-per-buffer mode is used. **Recommendations** For openSUSE kernel-ps3-debuginfo and kernel-ps3-debugsource, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux kernel versions prior to 2.6.32-git9, update to version 2.6.32-git9 or later to resolve the issue. As a temporary workaround, consider restricting access to the `drivers/firewire/ohci.c` module to minimize the risk of exploitation.