The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.
Information Disclosure
Linux
Linux Kernel
NVD
Exploit-DB
GitHub
CVSS 2.0
2.1
EPSS
0.2%
The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a. Rated low severity (CVSS 1.9). Public exploit code available.
Linux
Authentication Bypass
Linux Kernel
NVD
GitHub
CVSS 2.0
1.9
EPSS
0.1%