Lucene search

K

MitreCVELIST:CVE-2013-2547

HistoryMar 14, 2013 - 8:00 p.m.

CVE-2013-2547

2013-03-1420:00:00

mitre

www.cve.org

2

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6

lists.opensuse.org/opensuse-updates/2013-12/msg00129.html

www.mandriva.com/security/advisories?name=MDVSA-2013:176

www.openwall.com/lists/oss-security/2013/03/05/13

www.ubuntu.com/usn/USN-1793-1

www.ubuntu.com/usn/USN-1794-1

www.ubuntu.com/usn/USN-1795-1

www.ubuntu.com/usn/USN-1796-1

www.ubuntu.com/usn/USN-1797-1

github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVELIST:CVE-2013-2547

debiancve2 nvd3 ubuntucve2 prion3 cve3 cvelist1 nessus17 openvas15 securityvulns2 ubuntu5 suse1 redhat1