Release date:
Updated on: 2013-02-23
Affected Systems:
Linux kernel 3.7.x
Linux kernel 3.4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58071
CVE (CAN) ID: CVE-2013-0313
The Linux kernel is the kernel of the Linux operating system.
In Linux kernel versions earlier than 3.4.28 and 3.7.5, the EVM function "evm_update_evmxattr()" (security/integrity/evm/evm_crypto.c) contains a NULL pointer dereference that is reached when the extended attribute routines are invoked on a sockfs inode object. A specially crafted program can crash the kernel. The vulnerability can be exploited only if the kernel is built and configured with EVM.
<* Source: vendor
Link: http://secunia.com/advisories/52202/
http://www.openwall.com/lists/oss-security/2013/02/20/15
*>
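As an added example (not part of the original advisory or of any vendor tooling), the shell script below triages a host against the conditions stated above: a 3.4.x kernel before 3.4.28 or a 3.7.x kernel before 3.7.5, built with EVM. It assumes the kernel config is readable at /boot/config-<release> (a common distribution convention) and that the release string reflects the upstream version; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a host against CVE-2013-0313 using the advisory's bounds.

# Return 0 if kernel release $1 is in a range the advisory lists as affected:
# 3.4.x before 3.4.28, or 3.7.x before 3.7.5.
version_affected() {
    rel=${1%%-*}                        # drop distro suffix: "3.4.27-generic" -> "3.4.27"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "3.7" has no patch component
    patch=${patch%%[!0-9]*}             # keep leading digits only ("27+" -> "27")
    [ -n "$patch" ] || patch=0
    case "$major.$minor" in
        3.4) [ "$patch" -lt 28 ] ;;
        3.7) [ "$patch" -lt 5 ] ;;
        *)   return 1 ;;                # series not listed in this advisory
    esac
}

# Return 0 if the kernel config text on stdin has EVM built in.
evm_enabled() {
    grep -q '^CONFIG_EVM=y$'
}

# Print a verdict for kernel release $1 and kernel config file $2.
triage() {
    if ! version_affected "$1"; then
        echo "not-listed"               # outside the advisory's version ranges
    elif [ -r "$2" ] && evm_enabled < "$2"; then
        echo "affected"                 # listed version and EVM enabled
    elif [ -r "$2" ]; then
        echo "evm-disabled"             # listed version, but EVM precondition not met
    else
        echo "unknown-config"           # listed version, config file not readable
    fi
}

# Assumed config location; adjust for the distribution in use.
triage "$(uname -r)" "/boot/config-$(uname -r)"
```

Distribution kernels often backport fixes without changing the upstream version number, so an "affected" verdict should be confirmed against the vendor's own advisory for that package.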
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://git.kernel.org/linus/a67adb997419fb53540d4a4f79c6471c60bc69b6