CVE-2013-7421
A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel.
Find out more about CVE-2013-7421 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the versions of the kernel as shipped
with Red Hat Enterprise Linux 4, 5, and 6.
This issue affects the versions of the Linux as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v2 metrics
| Base Score | 2.1 |
|---|---|
| Base Metrics | AV:L/AC:L/Au:N/C:N/I:P/A:N |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2016:0068 | 2016-01-26 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2015:2411 | 2015-11-19 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2015:2152 | 2015-11-19 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Will not fix |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |