Vulnerability Description
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 3.8.2 |
| Redhat | Enterprise Mrg | 2.0 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.openwall.com/lists/oss-security/2013/03/05/13
- http://www.ubuntu.com/usn/USN-1793-1
- http://www.ubuntu.com/usn/USN-1794-1
- http://www.ubuntu.com/usn/USN-1795-1
- http://www.ubuntu.com/usn/USN-1796-1
- http://www.ubuntu.com/usn/USN-1797-1
- https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.openwall.com/lists/oss-security/2013/03/05/13
- http://www.ubuntu.com/usn/USN-1793-1
FAQ
What is CVE-2013-2547?
CVE-2013-2547 is a vulnerability with a CVSS score of 2.1 (LOW). The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which all...
How severe is CVE-2013-2547?
CVE-2013-2547 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2547?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Mrg.