Oval Definition:oval:com.ubuntu.precise:def:20132547000
Revision Date:2013-03-15Version:1
Title:CVE-2013-2547 on Ubuntu 12.04 LTS (precise) - medium.
Description:The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. Mathias Krause discovered a memory leak in the Linux kernel's crypto report API. A local user with CAP_NET_ADMIN could exploit this leak to examine some of the kernel's heap memory.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2013-2547
Platform(s):Ubuntu 12.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 12.04 LTS (precise) is installed.
  • AND Package Information
  • The 'linux' package in precise was vulnerable but has been fixed (note: '3.2.0-40.64').
  • OR The 'linux-armadaxp' package in precise was vulnerable but has been fixed (note: '3.2.0-1616.25').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR The 'linux-lts-quantal' package in precise was vulnerable but has been fixed (note: '3.5.0-27.46~precise1').
  • OR NOT While related to the CVE in some way, the 'linux-lts-trusty' package in precise is not affected (note: '3.13.0-24.46~precise1').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR The 'linux-ti-omap4' package in precise was vulnerable but has been fixed (note: '3.2.0-1429.38').
    • BACK