Commit 257b5358b32f ("scm: Capture the full credentials of the scm sender") changed the credentials passing code to pass in the effective uid/gid instead of the real uid/gid.
Obviously this doesn't matter most of the time (since normally they are the same), but it results in differences for suid binaries when the wrong uid/gid ends up being used.
An unprivileged local user could use this flaw to elevate their privileges.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6.
This issue was addressed in Red Hat Enterprise MRG 2 via RHSA-2013:0829 https://rhn.redhat.com/errata/RHSA-2013-0829.html
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 955647]
kernel-3.8.8-203.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.8.11-100.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
MRG for RHEL-6 v.2
Via RHSA-2013:0829 https://rhn.redhat.com/errata/RHSA-2013-0829.html