Local root vulnerability in the kernel
Local root vulnerability in the kernel
[Security] Posted May 15, 2013 14:05 UTC (Wed) by corbet
Commit b0a873ebb, merged for the 2.6.37 kernel, included an out of bounds reference bug that went undetected until Tommi Rantala discovered it with the Trinity fuzzing tool this April. It wasn't seen as a security bug by the kernel developers until an exploit was posted; the problem is now known as CVE-2013-2094. Mainline kernels 2.6.37-3.9 are vulnerable, but Red Hat also backported the bug into the 2.6.32-based kernel found in RHEL6. Expect distributor updates shortly.