Access to /dev/cpu/*/msr was protected only using filesystem checks. A local uid 0 (root) user with all capabilities dropped could use this flaw to execute arbitrary code in kernel mode. Upstream commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=c903f0456bc69176912dee6dd25c6a66ee1aed00 References: http://grsecurity.net/~spender/msr32.c
Created kernel tracking bugs for this issue Affects: fedora-all [bug 908706]
kernel-3.7.6-201.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Statement: This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:0622 https://rhn.redhat.com/errata/RHSA-2013-0622.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0621 https://rhn.redhat.com/errata/RHSA-2013-0621.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html