Description of the problem:
A buffer overrun flaw was found in kernels from 3.0 to 3.4 when calling
log_prefix() function from call_console_drivers().
In log_prefix(), the access to "p", "p" or
"simple_strtoul(&p, &endp, 10)" may cause a buffer overflow as this
function is called from call_console_drivers by passing "&LOG_BUF(cur_index)"
where the index must be masked to do not exceed the buffer's boundary.
A local user able to write to /dev/kmsg could use this flaw to crash the
Note: /dev/kmsg is root writable only (at least on RHEL/Fedora), but it
still might cause issues in restricted root environments.
This issue did not affect the versions of kernel package as shipped with Red Hat Enterprise Linux 5 and 6. Future kernel updates for Red Hat Enterprise MRG 2 may address this flaw.
This issue has been addressed in following products:
MRG for RHEL-6 v.2
Via RHSA-2013:0566 https://rhn.redhat.com/errata/RHSA-2013-0566.html