Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2013:0829 - Security Advisory
Issued:
2013-05-20
Updated:
2013-05-20

RHSA-2013:0829 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated kernel-rt packages that fix several security issues and multiple
bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

Security fixes:

  • It was found that the kernel-rt update RHBA-2012:0044 introduced an

integer conversion issue in the Linux kernel's Performance Events
implementation. This led to a user-supplied index into the
perf_swevent_enabled array not being validated properly, resulting in
out-of-bounds kernel memory access. A local, unprivileged user could use
this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is
available. Refer to Red Hat Knowledge Solution 373743, linked to in the
References, for further information and mitigation instructions for users
who are unable to immediately apply this update.

  • An integer overflow flaw, leading to a heap-based buffer overflow, was

found in the way the Intel i915 driver in the Linux kernel handled the
allocation of the buffer used for relocation copies. A local user with
console access could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2013-0913, Important)

  • It was found that the Linux kernel used effective user and group IDs

instead of real ones when passing messages with SCM_CREDENTIALS ancillary
data. A local, unprivileged user could leverage this flaw with a set user
ID (setuid) application, allowing them to escalate their privileges.
(CVE-2013-1979, Important)

  • A race condition in install_user_keyrings(), leading to a NULL pointer

dereference, was found in the key management facility. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-1792, Moderate)

  • A NULL pointer dereference flaw was found in the Linux kernel's XFS file

system implementation. A local user who is able to mount an XFS file
system could use this flaw to cause a denial of service. (CVE-2013-1819,
Moderate)

  • An information leak was found in the Linux kernel's POSIX signals

implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

  • A use-after-free flaw was found in the tmpfs implementation. A local user

able to mount and unmount a tmpfs file system could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)

  • A NULL pointer dereference flaw was found in the Linux kernel's USB

Inside Out Edgeport Serial Driver implementation. A local user with
physical access to a system and with access to a USB device's tty file
could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

  • A format string flaw was found in the ext3_msg() function in the Linux

kernel's ext3 file system implementation. A local user who is able to
mount an ext3 file system could use this flaw to cause a denial of service
or, potentially, escalate their privileges. (CVE-2013-1848, Low)

  • A heap-based buffer overflow flaw was found in the Linux kernel's

cdc-wdm driver, used for USB CDC WCM device management. An attacker with
physical access to a system could use this flaw to cause a denial of
service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

  • A heap-based buffer overflow in the way the tg3 Ethernet driver parsed

the vital product data (VPD) of devices could allow an attacker with
physical access to a system to cause a denial of service or, potentially,
escalate their privileges. (CVE-2013-1929, Low)

  • Information leaks in the Linux kernel's cryptographic API could allow a

local user who has the CAP_NET_ADMIN capability to leak kernel stack memory
to user-space. (CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low)

  • Information leaks in the Linux kernel could allow a local, unprivileged

user to leak kernel stack memory to user-space. (CVE-2013-2634,
CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
CVE-2013-3231, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979.
CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.

Solution

This update also fixes multiple bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix
the bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system
must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Affected Products

  • MRG Realtime 2 x86_64

Fixes

  • BZ - 915592 - CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object
  • BZ - 916191 - CVE-2013-1774 Kernel: USB io_ti driver NULL pointer dereference in routine chase_port
  • BZ - 916646 - CVE-2013-1792 Kernel: keys: race condition in install_user_keyrings()
  • BZ - 918009 - CVE-2013-1819 kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end
  • BZ - 918098 - build id problem - needed for systemtap and perf annotations
  • BZ - 918512 - kernel: crypto: info leaks in report API
  • BZ - 920471 - CVE-2013-0913 Kernel: drm/i915: heap writing overflow
  • BZ - 920499 - CVE-2013-0914 Kernel: sa_restorer information leak
  • BZ - 920783 - CVE-2013-1848 kernel: ext3: format string issues
  • BZ - 921970 - CVE-2013-1860 kernel: usb: cdc-wdm buffer overflow triggered by device
  • BZ - 924689 - CVE-2013-2634 kernel: Information leak in the Data Center Bridging (DCB) component
  • BZ - 924690 - CVE-2013-2635 kernel: Information leak in the RTNETLINK component
  • BZ - 927026 - disable NO_HZ by default missing from v3.6-rt
  • BZ - 949932 - CVE-2013-1929 Kernel: tg3: buffer overflow in VPD firmware parsing
  • BZ - 955216 - CVE-2013-3222 Kernel: atm: update msg_namelen in vcc_recvmsg()
  • BZ - 955599 - CVE-2013-3224 Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()
  • BZ - 955629 - CVE-2013-1979 kernel: net: incorrect SCM_CREDENTIALS passing
  • BZ - 955649 - CVE-2013-3225 Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg
  • BZ - 956094 - CVE-2013-3231 Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg
  • BZ - 956162 - CVE-2013-3076 Kernel: crypto: algif - suppress sending source address information in recvmsg
  • BZ - 962792 - CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access

CVEs

  • CVE-2013-1792
  • CVE-2013-1767
  • CVE-2013-0913
  • CVE-2013-1774
  • CVE-2013-2094
  • CVE-2013-1929
  • CVE-2013-3231
  • CVE-2013-2635
  • CVE-2013-1860
  • CVE-2013-3225
  • CVE-2013-3224
  • CVE-2013-2634
  • CVE-2013-3076
  • CVE-2013-2548
  • CVE-2013-1819
  • CVE-2013-3222
  • CVE-2013-0914
  • CVE-2013-1848
  • CVE-2013-2546
  • CVE-2013-2547
  • CVE-2013-1979

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/site/solutions/373743
  • https://rhn.redhat.com/errata/RHBA-2012-0044.html
  • https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0829.html
Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.6.11.2-rt33.39.el6rt.src.rpm SHA-256: cd31dd05fcec61e0a45cdcd81d7073c0854062d0b2237474e1da8426e8b84c33
x86_64
kernel-rt-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 65e49c793a0881b1fd848588f9049e0aba440a5025c4f35e0590f81988f80895
kernel-rt-debug-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 7ad698f9e7bd12e9cf4b4928dd8c2b150d1beae8b0e51760ca80c3aebfb31937
kernel-rt-debug-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 3f8e0914461a1b047cc68a3d1f61966a9e1c7b0a0b0e174a5883323a07a41e75
kernel-rt-debug-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 9075220032bd24289a2db97cd89a76f7d95f9ec3e7ffa60ecf2acb4b784be6d8
kernel-rt-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: ca0250555e892ab8593f1a7686a905ffea06d9e6a382f865de1ec0fbd270fb35
kernel-rt-debuginfo-common-x86_64-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 940b32fa4d85db5f4e24d65794ba81ff00fbeaddebdd1339a2b0a5d12faa72e2
kernel-rt-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 627d0c5af14d6415932dfe54b8770b72690c68f4c0f8c4af5b21b7ff25a8ff62
kernel-rt-doc-3.6.11.2-rt33.39.el6rt.noarch.rpm SHA-256: ced20946b3aab4b3507f120d00ba201e44024c9450e35dabf49ede8a5950c22c
kernel-rt-firmware-3.6.11.2-rt33.39.el6rt.noarch.rpm SHA-256: ebbceb22eebd0138c293aea3c1479b46e30b480009820b97043938e3424bb180
kernel-rt-trace-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 1bb944891683b3caba83aa725b9b8d6759a164ca10a075f270e510ff5b73db14
kernel-rt-trace-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: cfd70658b3c149d49bb4270cc888273b9f4dc6029857271a187bc76248cd3304
kernel-rt-trace-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 1b224033e825e7f6772fc976a3257f205a958d83ae31273ccc42c17aeac92a32
kernel-rt-vanilla-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 15a0e21729f67eb754ffd9019137e7a85c01cd02149981611781c46d72f39e5f
kernel-rt-vanilla-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 36aaf9a9fc32fadb9be047bc650071b8256fdb3a3a3b764b8b2f799c9d977fd3
kernel-rt-vanilla-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm SHA-256: 84ee9f85150f6d03b2920a74195240f3aff8a4f06515f50d3e91ebae2e30bedc
mrg-rt-release-3.6.11.2-rt33.39.el6rt.noarch.rpm SHA-256: de5c107fbe2ec5c7dae1d49e40c4ff6d8b2e784dc7d2aecc38d8012ffca64e49

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat X (formerly Twitter)

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility