Novell Home

CVE-2013-2546

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-2546 at MITRE

Description

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.

NVD CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Note from the SUSE Security Team

The affected crypto code was introduced in Linux kernel 3.2 and not backported to older kernel versions. So SUSE Linux Enterprise 11 or earlier versions are not affected by this problem.

Novell Bugzilla entry: 809906

SUSE Security Advisories:

© 2014 Novell