PT-2013-6315 · Linux+4 · Linux Kernel+5

Published: 1970-01-01 · Updated: 2018-04-28 · CVE-2013-2929

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise kernel-ec2-devel versions prior to 3.12.2
SUSE Linux Enterprise kernel-pae-devel versions prior to 3.12.2
SUSE Linux Enterprise kernel-xen-devel versions prior to 3.12.2
SUSE Linux Enterprise gfs2-kmp-xen versions prior to 3.12.2
Linux kernel versions prior to 3.12.2

Description

The issue affects the Linux kernel and can lead to a breach of confidentiality, integrity, and availability of protected information. It is related to the improper use of the get_dumpable() function, which can allow local users to bypass ptrace restrictions or obtain sensitive information from IA64 scratch registers. The vulnerability can be exploited remotely. The get_dumpable() function in the ptrace subsystem is vulnerable to information disclosure. Systems are only vulnerable if the sysctl fs.suid_dumpable variable is set to 2, which is not the default value.

Recommendations

For SUSE Linux Enterprise kernel-ec2-devel versions prior to 3.12.2, update to version 3.12.2 or later.
For SUSE Linux Enterprise kernel-pae-devel versions prior to 3.12.2, update to version 3.12.2 or later.
For SUSE Linux Enterprise kernel-xen-devel versions prior to 3.12.2, update to version 3.12.2 or later.
For SUSE Linux Enterprise gfs2-kmp-xen versions prior to 3.12.2, update to version 3.12.2 or later.
For Linux kernel versions prior to 3.12.2, update to version 3.12.2 or later.

As a temporary workaround, consider restricting access to the get_dumpable() function until a patch is available.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2013-1221
ALT-PU-2013-1222
ALT-PU-2013-1236
ALT-PU-2014-1189
ALT-PU-2014-1422
BDU:2014-00089
BDU:2015-04307
BDU:2015-04308
BDU:2015-04309
BDU:2015-04310
CESA-2014_0159
CESA-2014_1971
CVE-2013-2929
DSA-2906-1
MGASA-2013-0371
MGASA-2013-0372
MGASA-2013-0373
MGASA-2013-0374
MGASA-2013-0375
RHSA-2014:0100
RHSA-2014:0159
RHSA-2014:0285
RHSA-2014:1971
RHSA-2014_0159
RHSA-2014_0285
RHSA-2014_1971
RHSA-2018:1252
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2070-1
USN-2075-1
USN-2109-1
USN-2110-1
USN-2111-1
USN-2112-1
USN-2114-1
USN-2115-1
USN-2116-1
USN-2128-1
USN-2129-1

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE Linux Enterprise
SUSE