CVE-2013-2237

Published Jul 4, 2013

Last updated 2 years ago

Overview

Description
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Source
secalert@redhat.com
NVD status
Modified

Social media

Hype score
Not currently trending

Risk scores

CVSS 2.0

Type
Primary
Base score
2.1
Impact score
2.9
Exploitability score
3.9
Vector string
AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-119

Configurations