Linux kernel built with the system-call auditing support(CONFIG_AUDITSYSCALL) is vulnerable to a kernel crash or information disclosure flaw caused by out of bounds memory access. It could occur when system call audit rules are configured on a system. Administrative privileges are required to add such audit rules. When system call audit rules are present on a system, an unprivileged user/program could use this flaw to leak kernel memory bytes or crash the system resulting DoS. Upstream fix: ------------- -> http://article.gmane.org/gmane.linux.kernel/1713179 References: ----------- -> http://seclists.org/oss-sec/2014/q2/377
Statement: (none)
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1102715]
kernel-3.14.5-200.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.14.7-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
commit a3c54931199565930d6d84f4c3456f6440aefd41 upstream
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2014:0913 https://rhn.redhat.com/errata/RHSA-2014-0913.html
IssueDescription: An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1143 https://rhn.redhat.com/errata/RHSA-2014-1143.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1167 https://rhn.redhat.com/errata/RHSA-2014-1167.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1281 https://rhn.redhat.com/errata/RHSA-2014-1281.html