CVE-2013-6381

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.12.1

Description The issue allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. This is due to a buffer overflow in the qeth snmp command function in drivers/s390/net/qeth core main.c. The ioctl call IOC QETH ADP SET SNMP CONTROL is involved in the system call.

Recommendations For Linux kernel versions prior to 3.12.1, update to version 3.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the qeth snmp command function until a patch is available. Avoid using the IOC QETH ADP SET SNMP CONTROL ioctl call with incompatible length values in the command-buffer size until the issue is resolved.