You are here

V-098: Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service

February 25, 2013 - 12:12am

Addthis

PROBLEM:

Linux Kernel Extended Verification Module Bug Lets Local Users Deny Service 

PLATFORM:

The Linux Kernel prior to 3.7.5

ABSTRACT:

A vulnerability was reported in the Linux Kernel.

REFERENCE LINKS:

The Linux Kernel Archives
Linux Kernel
Red Hat Bugzilla – Bug 913266
SecurityTracker Alert ID:  1028196
CVE-2013-0313

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local user can exploit a null pointer dereference in the evm_update_evmxattr() function in 'security/integrity/evm/evm_crypto.c' to cause the target system to crash.

IMPACT:

A local user can cause denial of service conditions.

SOLUTION:

The vendor has issued a fix (3.7.5).

Addthis