[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-2547Date: (C)2013-03-16   (M)2024-03-06


The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
MDVSA-2013:176
USN-1793-1
USN-1794-1
USN-1795-1
USN-1796-1
USN-1797-1
http://www.openwall.com/lists/oss-security/2013/03/05/13
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
openSUSE-SU-2013:1971

CPE    216
cpe:/o:linux:linux_kernel:3.0.40
cpe:/o:linux:linux_kernel:3.1.10
cpe:/o:linux:linux_kernel:3.0.42
cpe:/o:linux:linux_kernel:3.0.41
...
CWE    1
CWE-310
OVAL    8
oval:org.secpod.oval:def:701250
oval:org.secpod.oval:def:701251
oval:org.secpod.oval:def:701244
oval:org.secpod.oval:def:701242
...

© SecPod Technologies