Linux kernels built with crypto user APIs are vulnerable to an information disclosure flaw. It occurs when a user calls the `crypto_*_report' APIs via the netlink based crypto API interface.

1) CVE-2013-2546: Structures used for the netlink based crypto report API are located on the stack. Uninitialised kernel memory bytes from these structures are leaked, as `snprintf' does not fill the remainder of the buffer with zero(NULL) bytes.

2) CVE-2013-2547: routine `crypto_report_one' does not initialize all fields of a structure `struct crypto_user_alg'. Thus, uninitialised heap memory bytes are leaked to the user space.

3) CVE-2013-2548: while copying kernel module name, we should copy only as many bytes as module_name() returns and not as much as the destination buffer could hold. But the current code copies uninitialised data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME, thus leaking kernel memory bytes.

A privileged user/program (CAP_NET_ADMIN) could use this flaw to read kernel memory area.

Upstream fix:
-------------
-> https://git.kernel.org/linus/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
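The copy patterns behind items 1) and 3) can be reproduced in user space. The following is an added example, not code from this bug report or from the kernel: `struct report`, `MAX_NAME`, `STALE`, `fill_leaky` and `fill_hardened` are hypothetical names, and a marker fill stands in for uninitialised memory so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>
#define MAX_NAME 64      /* stands in for CRYPTO_MAX_ALG_NAME */
#define STALE    0xAA    /* constructed marker for leftover kernel memory */

struct report {          /* hypothetical stand-in for a crypto report struct */
    char type[MAX_NAME];
    char module_name[MAX_NAME];
};

/* Count marker bytes that would reach user space if the whole struct is copied out. */
static size_t stale_bytes(const struct report *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*r); i++)
        n += (p[i] == STALE);
    return n;
}

/* Leaky pattern: snprintf writes the string and one NUL, the tail stays stale;
 * the fixed-length memcpy reads past the end of the shorter module name. */
static size_t fill_leaky(const char *type, const char *mod_mem)
{
    struct report r;
    memset(&r, STALE, sizeof(r));            /* simulate an uninitialised object */
    snprintf(r.type, sizeof(r.type), "%s", type);
    memcpy(r.module_name, mod_mem, MAX_NAME);
    return stale_bytes(&r);
}

/* Hardened pattern: strncpy zero-pads the destination up to its full size and
 * stops reading the source at its terminating NUL. */
static size_t fill_hardened(const char *type, const char *mod_mem)
{
    struct report r;
    memset(&r, STALE, sizeof(r));
    strncpy(r.type, type, sizeof(r.type));
    strncpy(r.module_name, mod_mem, sizeof(r.module_name));
    return stale_bytes(&r);
}

int main(void)
{
    char mod_mem[MAX_NAME];                  /* name followed by unrelated memory */
    memset(mod_mem, STALE, sizeof(mod_mem));
    strcpy(mod_mem, "aes_generic");
    printf("leaky=%zu hardened=%zu\n", fill_leaky("cipher", mod_mem), fill_hardened("cipher", mod_mem));
}
```

Item 2), fields of a heap structure that are never assigned, is not covered by the string copies; zeroing the whole structure before filling it addresses that case.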
Statement: These issues do not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 918521]
kernel-3.8.2-206.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.8.3-103.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

MRG for RHEL-6 v.2

Via RHSA-2013:0829 https://rhn.redhat.com/errata/RHSA-2013-0829.html