CVE-2013-2546

Published Mar 15, 2013

Last updated a year ago

Overview

Description
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
Source
cve@mitre.org
NVD status
Modified

Social media

Hype score
Not currently trending

Risk scores

CVSS 2.0

Type
Primary
Base score
2.1
Impact score
2.9
Exploitability score
3.9
Vector string
AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-310

Evaluator

Comment
-
Impact
Per https://access.redhat.com/security/cve/CVE-2013-2546 "These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue."
Solution
Per https://access.redhat.com/security/cve/CVE-2013-2546 "These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue."

Configurations