An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system.
Find out more about CVE-2013-2596 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue.
| Base Score | 6 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:S/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2014:1392 | 2014-10-13 |
| Red Hat Enterprise Linux Advanced Update Support 6.2 (kernel) | RHSA-2015:0695 | 2015-03-17 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (kernel) | RHSA-2015:0803 | 2015-04-14 |
| Red Hat Enterprise Linux 5 (kernel) | RHSA-2016:0450 | 2016-03-15 |
| Red Hat Enterprise Linux Extended Update Support 6.5 (kernel) | RHSA-2015:0782 | 2015-04-07 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
Vulmon