CVE-2013-7339

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.12.8 SUSE Linux Enterprise kernel-pae-devel (affected versions not specified) SUSE Linux Enterprise kernel-xen-devel (affected versions not specified) SUSE Linux Enterprise gfs2-kmp-xen (affected versions not specified) SUSE Linux Enterprise kernel-ec2-devel (affected versions not specified)

Description The issue allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. Multiple vulnerabilities in SUSE Linux Enterprise packages may lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. A local user can cause a denial of service when using the RDS network protocol over Infiniband channels.

Recommendations For Linux kernel versions prior to 3.12.8, update to version 3.12.8 or later. For SUSE Linux Enterprise kernel-pae-devel, kernel-xen-devel, gfs2-kmp-xen, and kernel-ec2-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.