Oval Definition:oval:com.redhat.rhsa:def:20130744
Revision Date:2013-04-23Version:646
Title:RHSA-2013:0744: kernel security and bug fix update (Important)
Description:Security:

  • An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important)

  • A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important)

  • A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796, Important)

  • A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797, Important)

  • A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798, Important)

  • A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate)

  • A NULL pointer dereference in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to cause a denial of service. (CVE-2013-1826, Moderate)

  • A NULL pointer dereference in the Datagram Congestion Control Protocol (DCCP) implementation could allow a local user to cause a denial of service. (CVE-2013-1827, Moderate)

  • Information leak flaws in the XFRM implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2012-6537, Low)

  • Two information leak flaws in the Asynchronous Transfer Mode (ATM) subsystem could allow a local, unprivileged user to leak kernel stack memory to user-space. (CVE-2012-6546, Low)

  • An information leak was found in the TUN/TAP device driver in the networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low)

  • An information leak in the Bluetooth implementation could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-0349, Low)

  • A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low)

  • A NULL pointer dereference was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. An attacker with physical access to a system could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

    Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2012-6537
    CVE-2012-6537
    CVE-2012-6538
    CVE-2012-6538
    CVE-2012-6546
    CVE-2012-6546
    CVE-2012-6547
    CVE-2012-6547
    CVE-2013-0349
    CVE-2013-0349
    CVE-2013-0913
    CVE-2013-0913
    CVE-2013-1767
    CVE-2013-1767
    CVE-2013-1773
    CVE-2013-1773
    CVE-2013-1774
    CVE-2013-1774
    CVE-2013-1792
    CVE-2013-1792
    CVE-2013-1796
    CVE-2013-1796
    CVE-2013-1797
    CVE-2013-1797
    CVE-2013-1798
    CVE-2013-1798
    CVE-2013-1826
    CVE-2013-1826
    CVE-2013-1827
    CVE-2013-1827
    RHSA-2013:0744
    RHSA-2013:0744-01
    RHSA-2013:0744-01
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • kernel earlier than 0:2.6.32-358.6.1.el6 is currently running
  • OR kernel earlier than 0:2.6.32-358.6.1.el6 is set to boot up on next boot
  • AND
  • kernel is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel is signed with Red Hat redhatrelease2 key
  • kernel-bootwrapper is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-bootwrapper is signed with Red Hat redhatrelease2 key
  • kernel-debug is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-debug is signed with Red Hat redhatrelease2 key
  • kernel-debug-devel is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-debug-devel is signed with Red Hat redhatrelease2 key
  • kernel-devel is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-devel is signed with Red Hat redhatrelease2 key
  • kernel-doc is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-doc is signed with Red Hat redhatrelease2 key
  • kernel-firmware is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-firmware is signed with Red Hat redhatrelease2 key
  • kernel-headers is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-headers is signed with Red Hat redhatrelease2 key
  • kernel-kdump is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-kdump is signed with Red Hat redhatrelease2 key
  • kernel-kdump-devel is earlier than 0:2.6.32-358.6.1.el6
  • AND kernel-kdump-devel is signed with Red Hat redhatrelease2 key
  • perf is earlier than 0:2.6.32-358.6.1.el6
  • AND perf is signed with Red Hat redhatrelease2 key
  • python-perf is earlier than 0:2.6.32-358.6.1.el6
  • AND python-perf is signed with Red Hat redhatrelease2 key
  • BACK