MNBSD-2014-8: Kernel memory disclosure in control message API

Severity: Unknown

Affected Package: kernel

Summary: Kernel memory disclosure in control message API

Description

A vulnerability in the control message API left a buffer improperly cleared before being shared with userland, and a related issue affected SCTP notification padding. A local user could read uninitialized kernel memory, potentially disclosing sensitive information.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2014-3952, CVE-2014-3953

Published: July 10, 2014
Last Modified: July 10, 2014