CVE-2013-2547
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2013-2547
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-2547.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2013-2547
- Related
- Published
- 2013-03-15T20:55:08Z
- Modified
- 2024-06-30T12:01:22Z
- Summary
- [none]
- Details
-
The cryptoreportone function in crypto/cryptouser.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAPNET_ADMIN capability.
- References
-
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1793-1
- http://www.ubuntu.com/usn/USN-1794-1
- http://www.ubuntu.com/usn/USN-1795-1
- http://www.ubuntu.com/usn/USN-1796-1
- http://www.ubuntu.com/usn/USN-1797-1
- https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
- http://www.openwall.com/lists/oss-security/2013/03/05/13
- https://security-tracker.debian.org/tracker/CVE-2013-2547
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source