Red Hat Customer Portal

CVE-2013-2188

A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only.

Details Source

Mitre

Statement

This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux MRG 2.

This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0911 (https://rhn.redhat.com/errata/RHSA-2013-0911.html).

Upstream is not affected.

Public Date

2013-06-17 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-2188 kernel: fs: filp leak on ro filesystem

Bugzilla ID

975406

CVSS Status

verified

Base Score

4.70

Base Metrics

AV:L/AC:M/Au:N/C:N/I:N/A:C

Acknowledgements

This issue was discovered by Mateusz Guzik of Red Hat.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (kernel) | RHSA-2013:0911 | 2013-06-10

Affected Packages State

Platform | Package | State
Red Hat Enterprise MRG 2 | realtime-kernel | Not affected
Red Hat Enterprise Linux 5 | kernel | Not affected