Vulnerabilities > CVE-2012-5517 - Unspecified vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN linux
nessus
Summary
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
Vulnerable Configurations
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1673-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63299 published 2012-12-19 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63299 title USN-1673-1 : linux-ti-omap4 vulnerability NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1669-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63296 published 2012-12-19 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63296 title Ubuntu 12.04 LTS : linux vulnerability (USN-1669-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-194.NASL description Multiple vulnerabilities has been found and corrected in the Linux kernel : net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. (CVE-2013-1059) The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (CVE-2013-2147) The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148) Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851) The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164) The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237) The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (CVE-2013-2234) The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232) The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. (CVE-2012-5517) Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852) The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. (CVE-2013-3301) The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (CVE-2013-0231) The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (CVE-2013-1774) Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. (CVE-2013-2850) The updated packages provides a solution for these security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67254 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67254 title Mandriva Linux Security Advisory : kernel (MDVSA-2013:194) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1679-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63322 published 2012-12-21 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63322 title USN-1679-1 : linux-ti-omap4 vulnerability NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-2520.NASL description Description of changes: kernel-uek [2.6.32-400.26.2.el6uek] - mm/hotplug: correctly add new zone to all other nodes last seen 2020-06-01 modified 2020-06-02 plugin id 68852 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68852 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2520) NASL family Scientific Linux Local Security Checks NASL id SL_20121218_KERNEL_ON_SL6_X.NASL description This update fixes the following security issues : - It was found that a previous update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) - A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-03-18 modified 2012-12-20 plugin id 63313 published 2012-12-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63313 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121218) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1704-1.NASL description Brad Spengler discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63669 published 2013-01-23 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63669 title Ubuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities (USN-1704-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-2507.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 68847 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68847 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1678-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63321 published 2012-12-21 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63321 title Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerability (USN-1678-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-148.NASL description A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375 , Moderate) A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-06-01 modified 2020-06-02 plugin id 69707 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69707 title Amazon Linux AMI : kernel / nvidia (ALAS-2013-148) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1580.NASL description Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-06-01 modified 2020-06-02 plugin id 63305 published 2012-12-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63305 title CentOS 6 : kernel (CESA-2012:1580) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0003.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - bonding: fixup typo in rlb mode of bond and bridge fix (Guru Anbalagane) [Orabug: 16069448] - bonding: rlb mode of bond should not alter ARP originating via bridge (zheng.li) [Orabug: 14650975] - compilation fix oracleasm typo (Maxim Uvarov) - mm/hotplug: correctly add new zone to all other nodes last seen 2020-06-01 modified 2020-06-02 plugin id 79495 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79495 title OracleVM 3.2 : kernel-uek (OVMSA-2013-0003) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2047.NASL description Description of changes: [2.6.39-300.17.3.el6uek] - mm/hotplug: correctly add new zone to all other nodes last seen 2020-06-01 modified 2020-06-02 plugin id 68689 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68689 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2047) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-2534.NASL description Description of changes: [2.6.32-400.29.1.el6uek] - KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943} [2.6.32-400.28.1.el6uek] - do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974] - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860} - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025] - sched: Fix ancient race in do_exit() (Joe Jin) - open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542} - vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568] - svcrpc: don last seen 2020-06-01 modified 2020-06-02 plugin id 68856 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68856 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2534) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1580.NASL description From Red Hat Security Advisory 2012:1580 : Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-06-01 modified 2020-06-02 plugin id 68666 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68666 title Oracle Linux 6 : kernel (ELSA-2012-1580) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1677-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63320 published 2012-12-21 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63320 title Ubuntu 11.10 : linux vulnerability (USN-1677-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1671-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63298 published 2012-12-19 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63298 title Ubuntu 12.10 : linux vulnerability (USN-1671-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1704-2.NASL description USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Brad Spengler discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 64436 published 2013-02-04 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64436 title Ubuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal regression (USN-1704-2) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1580.NASL description Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-06-01 modified 2020-06-02 plugin id 63292 published 2012-12-19 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63292 title RHEL 6 : kernel (RHSA-2012:1580) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1670-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 63297 published 2012-12-19 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63297 title USN-1670-1 : linux-ti-omap4 vulnerability NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-121203.NASL description The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues. It contains the following feature enhancements : - The cachefiles framework is now supported (FATE#312793, bnc#782369). The userland utilities were published seperately to support this feature. - The ipset netfilter modules are now supported (FATE#313309) The ipset userland utility will be published seperately to support this feature. - The tipc kernel module is now externally supported (FATE#305033). - Hyper-V KVP IP injection was implemented (FATE#314441). A seperate hyper-v package will be published to support this feature. - Intel Lynx Point PCH chipset support was added. (FATE#313409) - Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature. The following security issues have been fixed : - A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory. (CVE-2012-5517) - A flaw has been found in the way Linux kernels KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system. (CVE-2012-4461) - The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (CVE-2012-1601) - Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the sytem. (CVE-2012-2372) - Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the last seen 2020-06-05 modified 2013-01-25 plugin id 64180 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64180 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7123 / 7127)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | Bugtraq ID:56527 CVE ID:CVE-2012-5517 Linux是一款开源的操作系统。 处理新节点热添加(hot-added)内存扩展到其他节点管理区链表(zonelist)时存在一个空指针应用漏洞,允许非特权本地用户利用此漏洞使系统崩溃。 0 Linux kernel 2.6.x 用户可参考如下厂商提供的安全公告获得补丁信息: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1 |
id | SSV:60472 |
last seen | 2017-11-19 |
modified | 2012-11-19 |
published | 2012-11-19 |
reporter | Root |
title | Linux Kernel 空指针引用拒绝服务漏洞(CVE-2012-5517) |
References
- http://www.openwall.com/lists/oss-security/2012/11/13/11
- https://bugzilla.redhat.com/show_bug.cgi?id=875374
- http://www.kernel.org/pub/linux/kernel/v3.x/
- https://github.com/torvalds/linux/commit/08dff7b7d629807dbb1f398c68dd9cd58dd657a1
- http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2
- https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
- http://rhn.redhat.com/errata/RHSA-2012-1580.html
- http://www.ubuntu.com/usn/USN-1678-1
- http://www.ubuntu.com/usn/USN-1671-1
- http://www.ubuntu.com/usn/USN-1679-1
- http://www.ubuntu.com/usn/USN-1677-1
- http://www.ubuntu.com/usn/USN-1673-1
- http://www.securityfocus.com/bid/56527
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=08dff7b7d629807dbb1f398c68dd9cd58dd657a1