RHSA-2013:0744-01 -- Redhat kernel and perf | ID: oval:org.secpod.oval:def:501046 | Date: (C)2013-04-24 (M)2024-02-19 |
Class: PATCH | Family: unix |
Security:
* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges.
* A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.
* A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level.
* A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register fell into a movable or removable memory region of the hosting user-space process on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host.
* A flaw was found in the way KVM emulated IOAPIC. A missing validation check in the ioapic_read_indirect function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory.
* A race condition in install_user_keyrings, leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service.
* A NULL pointer dereference in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to cause a denial of service.
* A NULL pointer dereference in the Datagram Congestion Control Protocol implementation could allow a local user to cause a denial of service.
* Information leak flaws in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space.
* Two information leak flaws in the Asynchronous Transfer Mode subsystem could allow a local, unprivileged user to leak kernel stack memory to user-space.
* An information leak was found in the TUN/TAP device driver in the networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space.
* An information leak in the Bluetooth implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space.
* A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges.
* A NULL pointer dereference was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. An attacker with physical access to a system could use this flaw to cause a denial of service.
Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
Platform: Red Hat Enterprise Linux 6 |