QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2547

Published: Mar 14, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6

x_refsource_CONFIRM

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2013:1971

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.