CVE-2013-2547
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
15/03/2013
Last modified:
11/04/2025
Description
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.8.2 (including) | |
| cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3D9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013%3A176
- http://www.openwall.com/lists/oss-security/2013/03/05/13
- http://www.ubuntu.com/usn/USN-1793-1
- http://www.ubuntu.com/usn/USN-1794-1
- http://www.ubuntu.com/usn/USN-1795-1
- http://www.ubuntu.com/usn/USN-1796-1
- http://www.ubuntu.com/usn/USN-1797-1
- https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3D9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013%3A176
- http://www.openwall.com/lists/oss-security/2013/03/05/13
- http://www.ubuntu.com/usn/USN-1793-1
- http://www.ubuntu.com/usn/USN-1794-1
- http://www.ubuntu.com/usn/USN-1795-1
- http://www.ubuntu.com/usn/USN-1796-1
- http://www.ubuntu.com/usn/USN-1797-1
- https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6