Linux kernel built with the Frame Buffer devices support(CONFIG_FB) is vulnerable to an integer overflow flaw. It could occur while mapping memory via mmap2(2) call. User would need to have privileges to access the video device files /dev/fb* etc. A user/program able to access the video device files could use this flaw to potentially escalate privileges on a system. Upstream fix: ------------- -> https://git.kernel.org/linus/b4cbb197c7e7a68dbad0d491242e3ca67420c13e -> https://git.kernel.org/linus/fc9bbca8f650e5f738af8806317c0a041a48ae4a References: ----------- -> http://forum.xda-developers.com/showthread.php?t=2255491 -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2596
Statement: This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue.
IssueDescription: An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1392 https://rhn.redhat.com/errata/RHSA-2014-1392.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS Via RHSA-2015:0695 https://rhn.redhat.com/errata/RHSA-2015-0695.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0782 https://rhn.redhat.com/errata/RHSA-2015-0782.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 AUS - Server Only Via RHSA-2015:0803 https://rhn.redhat.com/errata/RHSA-2015-0803.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2016:0450 https://rhn.redhat.com/errata/RHSA-2016-0450.html