V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service

February 25, 2013 - 12:12am

PROBLEM:

Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service

PLATFORM:

The Linux Kernel prior to 3.7.5

ABSTRACT:

A vulnerability was reported in the Linux Kernel.

REFERENCE LINKS:

The Linux Kernel Archives
Linux Kernel
Red Hat Bugzilla – Bug 913266
SecurityTracker Alert ID: 1028196
CVE-2013-0313

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local user can exploit a null pointer dereference in the evm_update_evmxattr() function in 'security/integrity/evm/evm_crypto.c' to cause the target system to crash.

IMPACT:

A local user can cause denial of service conditions.

SOLUTION:

The vendor has issued a fix (3.7.5).

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service

PROBLEM:

PLATFORM:

ABSTRACT:

REFERENCE LINKS:

IMPACT ASSESSMENT:

DISCUSSION:

IMPACT:

SOLUTION:

JC3 Contact:

Energy.gov

Energy.gov

Office of the Chief Information Officer

Search form

Office of the Chief Information Officer

All Offices

You are here

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service

Addthis

PROBLEM:

PLATFORM:

ABSTRACT:

REFERENCE LINKS:

IMPACT ASSESSMENT:

DISCUSSION:

IMPACT:

SOLUTION:

Addthis

Related Articles

JC3 Contact:

Energy.gov