First published: Fri May 31 2013(Updated: )
A flaw was found in the way certain disk names were interpreted by the Linux kernel. Block layer uses the "disk_name" field as a format string in a number of places. While this is normally not a problem due to how disk names are created (statically or incrementally), there is currently at least one way to define nearly arbitrary names via md. A privileged (uid 0) local user could potentially use this flaw to execute code at ring0. Acknowledgements: Red Hat would like to thank Kees Cook for reporting this issue.
Credit: chrome-cve-admin@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <=3.9.4 | |
Linux Linux kernel | =3.9-rc1 | |
Linux Linux kernel | =3.9-rc2 | |
Linux Linux kernel | =3.9-rc3 | |
Linux Linux kernel | =3.9-rc4 | |
Linux Linux kernel | =3.9-rc5 | |
Linux Linux kernel | =3.9-rc6 | |
Linux Linux kernel | =3.9-rc7 | |
Linux Linux kernel | =3.9.0 | |
Linux Linux kernel | =3.9.1 | |
Linux Linux kernel | =3.9.2 | |
Linux Linux kernel | =3.9.3 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.9-1 6.11.10-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.