Red Hat Bugzilla – Bug 1007733
CVE-2013-4343 Kernel: net: use-after-free TUNSETIFF
Last modified: 2016-01-28 04:32:22 EST
Linux kernel built with the Universal TUN/TAP device driver(CONFIG_TUN) support
is vulnerable to a potential privilege escalation via an use-after-free flaw.
It could occur while doing an ioctl(TUNSETIFF) call.
A privileged(CAP_NET_ADMIN) user/program could use this flaw to crash the
kernel resulting DoS or potentially escalate privileges to gain root access
to a system.
This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1007741]
kernel-3.11.1-200.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.10.12-100.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.11.1-300.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
MRG for RHEL-6 v.2
Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html
Upstream commit 662ca437e714caaab855b12415d6ffd815985bc0