CVE-2013-2547 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-2547 Interim 1 11 2025-11-05T05:23:10Z current 2021-05-30T13:12:24Z 2025-11-05T05:23:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-2547 The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. CVE-2013-2547 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N