Bug 913266 (CVE-2013-0313)

Summary: CVE-2013-0313 kernel: evm: NULL pointer de-reference local DoS
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: agordeev, anton, bhu, davej, dhoward, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, jneedle, jonathan, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, mcressma, npajkovs, plougher, pmatouse, rt-maint, rvrbovsk, sforsber, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:06:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 904527    

Description Prasad Pandit 2013-02-20 19:03:12 UTC
Linux kernel built with Extended Verification Module(EVM) on and configured
properly, is vulnerable to a NULL pointer de-reference issue, caused by
accessing extended attribute routines of sockfs inode object.

An unprivileged user/program could use this flaw to crash the Linux kernel,
resulting in DoS.

Upstream fix:
 -> https://git.kernel.org/linus/a67adb997419fb53540d4a4f79c6471c60bc69b6

Comment 1 Prasad Pandit 2013-02-21 06:46:21 UTC
CVE-2013-0313 is assigned to this issue.

Comment 2 Prasad Pandit 2013-02-21 07:16:27 UTC

Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, and 6, and Red Hat Enterprise MRG 2.