oss-sec mailing list archives
Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 20 Feb 2013 12:17:21 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/20/2013 12:09 PM, P J P wrote:
Hello, Linux kernel built with Extended Verification Module(EVM) and configured properly, is vulnerable to a NULL pointer de-reference flaw, caused by accessing extended attribute routines of sockfs inode object. An unprivileged user/program could use this to crash the kernel, resulting in DoS. Upstream fix: -> https://git.kernel.org/linus/a67adb997419fb53540d4a4f79c6471c60bc69b6 Reference: -> https://bugzilla.redhat.com/show_bug.cgi?id=913266
Please use CVE-2013-0313for this issue.
Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRJSFAAAoJEBYNRVNeJnmTGp8QAMhrgMc45wgfynP+WhUesws6 dUB+acCrE9a0TCnAvJAV03ula/hqy5SZmoyZgSZI14Szy5ocZZQesauprKyWzJc3 KQqr8pp3isiACJWz7ZjOyGYpEweP1df1q/WLyfAa4uzdHjQ8S1CP7kIlIrV3yfyB RUBIkR9PLi3CtAwzn08BIIJHOXLhNL0U3eFd47G83fdsb549BHcF56/wo4MaMtF2 CgShhhQjOl+N5zIs0NR1qwtQoFHO0B4QJPAAqPPK0jdWul/+XBXWxvCh6SPIZHjy ty7YJ2+lP54J1ZMAQUDXlKwjHqqwPmnGk1BRZ2ARfOtDUhkDPObYiqMjXbuE/DPQ Vz0Hs8hmx8RSfCqrhcOUL72Sr+4WlkMLiGsNp+zS+pGCOIe3bCTpnA9I+Ef4Z4vl Z+amEM0+5c+9JTMxuvvO/ScOKUkSRIgbXf0qswduBoy+r5pGn+cR2qdLAmwFUZdF aXJwoE5C85PxnsAMSsVuSD6w4S9AceQhFnVJz4tOT85OuBjUTWkWkEAMpi/ZjS+m YRR39qQZ590zJxYNi7c3XwG0Wzx/ZIANLkzxy5qm7CJeAaYtpmBIn4Q39+KJPOmb cM6pDRdWfIZcApHcgzqUlHo2ZTCFJKKYJNsoqDtv5a1Ijg09Je95TycAVKflMsMd oEUiQX1871yzYMbaDsBr =iYQK -----END PGP SIGNATURE-----
Current thread:
- CVE request - Linux kernel: evm: NULL pointer de-reference flaw P J P (Feb 20)
- Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw Kurt Seifried (Feb 20)