CVE-2013-2548: Kernel vulnerability

CWE-310 | 12 documents | 8 sources
Severity: 2.1 LOW (NVD)
EPSS: 0.1% (top 77.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 15
Latest update: May 13

Description

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (3 packages)

Debian: linux/linux_kernel < 3.2.41-1+3
NVD: linux/linux_kernel 3.8.2+185

Vulnerability Details (3)

GHSA: GHSA-4vm6-2qjj-hm8m: The crypto_report_one function in crypto/crypto_user (2022-05-13)
OSV: CVE-2013-2548: The crypto_report_one function in crypto/crypto_user (2013-03-15)
CVEList: CVE-2013-2548: The crypto_report_one function in crypto/crypto_user (2013-03-14)

Vendor Advisories (7)

Ubuntu: Linux kernel vulnerabilities (2013-04-08)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2013-04-08)
Ubuntu: Linux kernel (Quantal HWE) vulnerabilities (2013-04-08)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2013-04-08)
Ubuntu: Linux kernel vulnerabilities (2013-04-08)

Community (1)

Bugzilla: kernel: crypto: info leaks in report API (2013-03-06)