This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When the system is configured with EVM, a local attacker can use a
Unix socket, in order to stop the system.

Impacted products : Linux

Severity : 2/4

Creation date : 21/02/2013

DESCRIPTION OF THE VULNERABILITY

The EVM (Extended Verification Module) feature checks if files
were not altered.

A Unix socket can be used by two processes to exchange
information. It uses a special file. When the fchmod() function is
called on this file, the evm_update_evmxattr() function of the
security/integrity/evm/evm_crypto.c file is called. However, as
this file is a Unix socket, it does not have a removexattr
attribute. A NULL pointer is then dereferenced.

When the system is configured with EVM, a local attacker can
therefore use a Unix socket, in order to stop the system.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EVM-12444