Greg Thelen

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.12.2 **Description** The issue is related to multiple race conditions in the Linux kernel, specifically in the ipc/shm.c file. This can be exploited by local users through a crafted application that utilizes shmctl IPC RMID operations in conjunction with other shm system calls, potentially leading to a denial of service (use-after-free and system crash) or possibly other unspecified impacts. **Recommendations** For Linux kernel versions prior to 3.12.2, update to version 3.12.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of shm system calls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openSUSE systemtap-runtime-debuginfo (affected versions not specified) openSUSE systemtap (affected versions not specified) openSUSE systemtap-sdt-devel (affected versions not specified) openSUSE libvmtools0 (affected versions not specified) openSUSE systemtap-client (affected versions not specified) openSUSE systemtap-client-debuginfo (affected versions not specified) openSUSE kernel-vanilla-base-debuginfo (affected versions not specified) openSUSE systemtap-server-debuginfo (affected versions not specified) openSUSE libvmtools0-debuginfo (affected versions not specified) openSUSE kernel-vanilla-base (affected versions not specified) openSUSE systemtap-runtime (affected versions not specified) openSUSE systemtap-server (affected versions not specified) openSUSE systemtap-debuginfo (affected versions not specified) openSUSE systemtap-debugsource (affected versions not specified) openSUSE libvmtools-devel (affected versions not specified) Linux kernel versions prior to 3.7.10 **Description** The issue involves multiple vulnerabilities in various packages of the openSUSE operating system and the Linux kernel, which can lead to disruption of protected information availability. These vulnerabilities can be exploited remotely or locally, depending on the specific package affected. The exploitation of these vulnerabilities may result in a denial of service or allow local users to gain privileges. The vulnerabilities are related to the management of resources in the kernel, specifically in the shmem remount fs function in mm/shmem.c, which can be exploited by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.