CVE-2013-2546

2013-03-15T20:55:00
ID CVE-2013-2546
Type cve
Reporter cve@mitre.org
Modified 2014-01-04T04:46:00

Description

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. Per https://access.redhat.com/security/cve/CVE-2013-2546 "These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue."