CVE-2013-2546: Kernel vulnerability

CWE-310 | 12 documents | 8 sources
Severity
2.1 LOW (NVD)
EPSS
0.1%
top 77.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 15
Latest update: May 13

Description

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N | Exploitability: 3.9 | Impact: 2.9

Affected Packages (3 packages)

Debian: linux/linux_kernel < 3.2.41-1+3
NVD: linux/linux_kernel 3.8.2+185

🔴 Vulnerability Details

3
GHSA: GHSA-rvmp-6gcj-rjrw: The report API in the crypto user configuration API in the Linux kernel through 3 (2022-05-13)
OSV: CVE-2013-2546: The report API in the crypto user configuration API in the Linux kernel through 3 (2013-03-15)
CVEList: CVE-2013-2546: The report API in the crypto user configuration API in the Linux kernel through 3 (2013-03-14)

📋 Vendor Advisories

7
Ubuntu: Linux kernel vulnerabilities (2013-04-08)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2013-04-08)
Ubuntu: Linux kernel (Quantal HWE) vulnerabilities (2013-04-08)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2013-04-08)
Ubuntu: Linux kernel vulnerabilities (2013-04-08)

💬 Community

1
Bugzilla: kernel: crypto: info leaks in report API (2013-03-06)