Upstream information

CVE-2013-2128 at MITRE

Description

The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

Note from the SUSE Security Team

The problem was introduced in Linux kernel 2.6.25, so it does not affect SUSE Linux Enterprise 10. SUSE Linux Enterprise Server 11 SP1 was fixed via the 2.6.32.23 stable update, and SUSE Linux Enterprise 11 SP2 and newer are not affected by this problem.

This problem only affects newer dbus-1 versions; older versions, like those on SUSE Linux Enterprise 11 or older products, are not affected.

SUSE Bugzilla entry: 822583 [RESOLVED / UPSTREAM]

No SUSE Security Announcements cross referenced.