CVE-2013-2547

NameCVE-2013-2547
DescriptionThe crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1fixed
stretch (security)4.9.272-2fixed
buster4.19.194-1fixed
buster (security)4.19.194-3fixed
bullseye (security)5.10.46-5fixed
bookworm, bullseye5.10.46-4fixed
sid5.14.6-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)3.2.41-1low
linux-2.6source(unstable)(not affected)

Notes

- linux-2.6 <not-affected> (Introduced in 3.2)

Search for package or bug name: Reporting problems