CVE-2013-2548
The MITRE CVE dictionary describes this issue as:
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
Find out more about CVE-2013-2548 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
These issues do not affect the versions of the kernel package as shipped with
Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.
These issues do affect the version of Linux kernel as shipped with Red Hat
Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address
this issue.
CVSS v2 metrics
| Base Score | 1 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:S/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2013:0829 | 2013-05-20 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Will not fix |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
CVE description copyright © 2017, The MITRE Corporation