A flaw was found in the way do_filp_open() function in the Linux kernel handled cleanup in case write access to a mount was denied. A local unprivileged user with acces to a read-only mount could use this flaw to crash the system. This issue affected Red Hat Enterprise Linux 6 only. Upstream is not affected. Acknowledgements: This issue was discovered by Mateusz Guzik of Red Hat.
Statement: This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux MRG 2. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0911 (https://rhn.redhat.com/errata/RHSA-2013-0911.html). Upstream is not affected.