CVE-2013-2547 Common Vulnerabilities and Exposures

Upstream information

CVE-2013-2547 at MITRE

Description

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.

SUSE information

Overall state of this security issue: Does not affect SUSE products

CVSS v2 Scores
	National Vulnerability Database
Base Score	2.1
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Local
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

SUSE Bugzilla entries: 1118428 [RESOLVED / FIXED], 809906 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2013:1971-1

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 13:29:45 2013
CVE page last modified: Tue Jul 1 12:20:50 2025