DEBIAN-CVE-2013-2547

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2013-2547

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2013-2547.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2013-2547

Upstream

CVE-2013-2547

Published

2013-03-15T20:55:08.633Z

Modified

2025-11-14T03:08:11.978920Z

Summary

[none]

Details

The cryptoreportone function in crypto/cryptouser.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAPNET_ADMIN capability.

References

https://security-tracker.debian.org/tracker/CVE-2013-2547

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.41-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.41-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.41-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.41-1

Ecosystem specific

{
    "urgency": "low"
}