Uninitialized Structure Member Vulnerability in Linux Kernel RDS Socket Handling

Uninitialized Structure Member Vulnerability in Linux Kernel RDS Socket Handling

CVE-2012-3430 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.