Upstream information

CVE-2013-2546 at MITRE


The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
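The class of bug described above, as an added user-space illustration (not kernel code and not from this page): a fixed-size record that is handed to a reader whole discloses whatever stale bytes follow the string unless the copy also zero-fills the rest of the field. The page does not name the function involved; snprintf and strncpy are assumed here as the non-padding and padding copies, and struct report, the 0xAA marker and the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64            /* hypothetical field size */
#define STALE    0xAA          /* marker modelling old stack contents */

/* Hypothetical record, standing in for a struct that is built on the
 * stack and then copied in full to the caller. */
struct report { char name[NAME_LEN]; };

/* Copy that writes only the string and its terminator. */
static void fill_unpadded(struct report *r, const char *src)
{
    snprintf(r->name, sizeof(r->name), "%s", src);
}

/* Copy that also zero-fills the remainder of the field. */
static void fill_padded(struct report *r, const char *src)
{
    strncpy(r->name, src, sizeof(r->name) - 1);
    r->name[sizeof(r->name) - 1] = '\0';
}

/* Count bytes of the record that still hold the stale marker, i.e. bytes
 * a reader of the whole record would see but the copy never wrote. */
static size_t stale_bytes(const struct report *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*r); i++)
        n += (p[i] == STALE);
    return n;
}

/* Build a record over deterministic "stale" memory and report the leak. */
size_t leaked_after(void (*fill)(struct report *, const char *), const char *src)
{
    struct report r;
    memset(&r, STALE, sizeof(r));   /* constructed stand-in for stack garbage */
    fill(&r, src);
    return stale_bytes(&r);
}

size_t leak_unpadded(const char *s) { return leaked_after(fill_unpadded, s); }
size_t leak_padded(const char *s)   { return leaked_after(fill_padded, s); }

int main(void)
{
    printf("unpadded copy: %zu stale bytes\n", leak_unpadded("sha256"));
    printf("padded copy:   %zu stale bytes\n", leak_padded("sha256"));
    return 0;
}
```

Zeroing the whole record before filling it removes the same exposure regardless of which copy function is used.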

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
                        National Vulnerability Database   SUSE
Base Score              2.1                               2.1
Vector                  AV:L/AC:L/Au:N/C:P/I:N/A:N        AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector           Local                             Local
Access Complexity       Low                               Low
Authentication          None                              None
Confidentiality Impact  Partial                           Partial
Integrity Impact        None                              None
Availability Impact     None                              None

Note from the SUSE Security Team

The affected crypto code was introduced in Linux kernel 3.2 and was not backported to older kernel versions, so SUSE Linux Enterprise 11 and earlier versions are not affected by this problem.

SUSE Bugzilla entry: 809906 [RESOLVED / FIXED]

SUSE Security Advisories: