An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-04T16:00:00
Updated: 2024-08-05T11:44:20.568Z
Reserved: 2018-12-04T00:00:00
Link: CVE-2018-19854
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-12-04T16:29:00.587
Modified: 2019-11-06T01:15:17.137
Link: CVE-2018-19854
Redhat