History: May 20, 2013 - 12:00 a.m.

(RHSA-2013:0829) Important: kernel-rt security and bug fix update

access.redhat.com
EPSS: 0.003 (Low), percentile 70.9%

Security fixes:

  • It was found that the kernel-rt update RHBA-2012:0044 introduced an
    integer conversion issue in the Linux kernel’s Performance Events
    implementation. This led to a user-supplied index into the
    perf_swevent_enabled array not being validated properly, resulting in
    out-of-bounds kernel memory access. A local, unprivileged user could use
    this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is
available. Refer to Red Hat Knowledge Solution 373743, linked to in the
References, for further information and mitigation instructions for users
who are unable to immediately apply this update.
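
The bug class behind CVE-2013-2094, as an added user-space illustration (not code from the advisory, Red Hat, or the kernel): a 64-bit user-supplied value is narrowed to a signed integer and only its upper bound is checked, so negative and truncated values pass validation. The table size `SW_MAX` and the function names `check_signed` and `check_unsigned` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SW_MAX 9   /* hypothetical table size, not taken from the advisory */

/* Flawed pattern: narrow the 64-bit user value to a signed int, then test
 * only the upper bound. Negative results satisfy "id < SW_MAX".
 * (Narrowing an out-of-range value is implementation-defined in C;
 * GCC and Clang wrap modulo 2^32.)
 * Returns 1 if the request is accepted, 0 if rejected. */
static int check_signed(uint64_t config, long *idx)
{
    int id = (int)config;
    if (id >= SW_MAX)
        return 0;
    *idx = id;              /* may be negative: an index before the table */
    return 1;
}

/* Corrected pattern: keep the value unsigned and full width, so a single
 * comparison rejects everything outside [0, SW_MAX). */
static int check_unsigned(uint64_t config, long *idx)
{
    if (config >= SW_MAX)
        return 0;
    *idx = (long)config;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs: in range, at the bound, two values that
     * become negative after narrowing, and one that truncates to 2. */
    const uint64_t samples[] = { 3, 9, 0xFFFFFFFFu, 0x80000000u,
                                 0x100000002ull };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long s = 0, u = 0;
        int as = check_signed(samples[i], &s);
        int au = check_unsigned(samples[i], &u);
        printf("config=0x%llx signed:%s", (unsigned long long)samples[i],
               as ? "accept" : "reject");
        if (as)
            printf("(idx %ld)", s);
        printf(" unsigned:%s\n", au ? "accept" : "reject");
    }
    return 0;
}
```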

  • An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the way the Intel i915 driver in the Linux kernel handled the
    allocation of the buffer used for relocation copies. A local user with
    console access could use this flaw to cause a denial of service or escalate
    their privileges. (CVE-2013-0913, Important)

  • It was found that the Linux kernel used effective user and group IDs
    instead of real ones when passing messages with SCM_CREDENTIALS ancillary
    data. A local, unprivileged user could leverage this flaw with a set user
    ID (setuid) application, allowing them to escalate their privileges.
    (CVE-2013-1979, Important)

  • A race condition in install_user_keyrings(), leading to a NULL pointer
    dereference, was found in the key management facility. A local,
    unprivileged user could use this flaw to cause a denial of service.
    (CVE-2013-1792, Moderate)

  • A NULL pointer dereference flaw was found in the Linux kernel’s XFS file
    system implementation. A local user who is able to mount an XFS file
    system could use this flaw to cause a denial of service. (CVE-2013-1819,
    Moderate)

  • An information leak was found in the Linux kernel’s POSIX signals
    implementation. A local, unprivileged user could use this flaw to bypass
    the Address Space Layout Randomization (ASLR) security feature.
    (CVE-2013-0914, Low)

  • A use-after-free flaw was found in the tmpfs implementation. A local user
    able to mount and unmount a tmpfs file system could use this flaw to cause
    a denial of service or, potentially, escalate their privileges.
    (CVE-2013-1767, Low)

  • A NULL pointer dereference flaw was found in the Linux kernel’s USB
    Inside Out Edgeport Serial Driver implementation. A local user with
    physical access to a system and with access to a USB device’s tty file
    could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

  • A format string flaw was found in the ext3_msg() function in the Linux
    kernel’s ext3 file system implementation. A local user who is able to
    mount an ext3 file system could use this flaw to cause a denial of service
    or, potentially, escalate their privileges. (CVE-2013-1848, Low)

  • A heap-based buffer overflow flaw was found in the Linux kernel’s
    cdc-wdm driver, used for USB CDC WCM device management. An attacker with
    physical access to a system could use this flaw to cause a denial of
    service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

  • A heap-based buffer overflow in the way the tg3 Ethernet driver parsed
    the vital product data (VPD) of devices could allow an attacker with
    physical access to a system to cause a denial of service or, potentially,
    escalate their privileges. (CVE-2013-1929, Low)

  • Information leaks in the Linux kernel’s cryptographic API could allow a
    local user who has the CAP_NET_ADMIN capability to leak kernel stack memory
    to user-space. (CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low)

  • Information leaks in the Linux kernel could allow a local, unprivileged
    user to leak kernel stack memory to user-space. (CVE-2013-2634,
    CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
    CVE-2013-3231, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979.
CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.