Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Linux kernel 安全漏洞
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。 Linux kernel 4.19.3之前版本中存在安全漏洞,该漏洞源于crypto/crypto_user.c文件的‘crypto_report_one()’及相关函数没有充分地过滤复制到用户空间的框架。攻击者可利用该漏洞泄露敏感的内存。
CVSS Information
N/A
Vulnerability Type
N/A