{
  "threat_severity" : "Low",
  "public_date" : "2013-02-05T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: crypto: info leaks in report API",
    "id" : "918512",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=918512"
  },
  "cvss" : {
    "cvss_base_score" : "1.0",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:S/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability." ],
  "statement" : "These issues do not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. \nThese issues do affect the version of Linux kernel as shipped with Red Hat\nEnterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address\nthis issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-05-20T00:00:00Z",
    "advisory" : "RHSA-2013:0829",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.6.11.2-rt33.39.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-2547\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2547" ],
  "name" : "CVE-2013-2547",
  "csaw" : false
}