VDB

CVE-2013-2547

CVE-2013-2547 REJECTED

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.

EPSS 0.10% · 27.2th percentile

Risk Scores

EPSS Score
0.10%
27.2th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSlinux-aws0
Ubuntu:16.04:LTSlinux-snapdragon0
Ubuntu:14.04:LTSlinux-lts-utopic0
Ubuntu:14.04:LTSlinux0
Ubuntu:16.04:LTSlinux-hwe0
Ubuntu:16.04:LTSlinux-raspi20
Ubuntu:14.04:LTSlinux-manta0, 3.4.0-4.19
Ubuntu:16.04:LTSlinux0
Ubuntu:14.04:LTSlinux-lts-vivid0
Ubuntu:16.04:LTSlinux-goldfish0, 3.4.0-4.24, 3.4.0-4.26
Ubuntu:14.04:LTSlinux-lts-xenial0
Ubuntu:14.04:LTSlinux-lts-wily0
Ubuntu:16.04:LTSlinux-gke0
Ubuntu:14.04:LTSlinux-aws0

Exploit Intelligence

…and 82 more exploits

Timeline

  • Jun 11, 2013 PoC Published
  • May 31, 2014 PoC Published
  • Dec 3, 2017 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›