A flaw was found in the way do_filp_open() function in the Linux kernel handled cleanup in case write access to a mount was denied. A local unprivileged user with acces to a read-only mount could use this flaw to crash the system.
This issue affected Red Hat Enterprise Linux 6 only. Upstream is not affected.
This issue was discovered by Mateusz Guzik of Red Hat.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux MRG 2.
This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0911 (https://rhn.redhat.com/errata/RHSA-2013-0911.html).
Upstream is not affected.