Possible Kernel User Escalation Issue For CentOS-6.4

Home » CentOS » Possible Kernel User Escalation Issue For CentOS-6.4
CentOS 2 Comments

The following kernel has been built while waiting for upstream to release a new kernel that addresses CVE-2013-2224:

http://people.CentOS.org/hughesjr/c6kernel/2.6.32-358.11.1.el6.cve20132224/

Please see this upstream bug for details:

https://bugzilla.redhat.com/show_bug.cgi?id=979936

=========================

Note: This kernel has been minimally tested and is provided as is for people who do not want to wait for the official kernel. It is the standard CentOS kernel with one added patch (
https://bugzilla.redhat.com/attachment.cgi?id=767364)

This kernel needs to be tested for fitness by each user before being placed in production. It is a best effort to mitigate an issue that can cause local user escalation to root while waiting for upstream to fix and QA the official kernel. Use at your own risk.

Thanks, Johnny Hughes

2 thoughts on - Possible Kernel User Escalation Issue For CentOS-6.4

  • Thanks for these Johnny much appreciated, I was quite surprised to find the fix was not in the .14.1 kernel update from upstream.

    I guess upstream does not see this as “important” enough.

    Regards, Jake Shipton (JakeMS)
    GPG Key: 0xE3C31D8F
    GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F

LEAVE A COMMENT