From ${URL} :

Linux kernel built with Gigabit Ethernet device support (CONFIG_QETH) is vulnerable to a buffer overflow flaw. It could occur while doing an ioctl(SIOC_QETH_ADP_SET_SNMP_CONTROL) call. A user/program could use this flaw to crash the kernel resulting in DoS or potentially escalate user privileges on a system.

Upstream fix:
-------------
-> http://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62

Reference:
----------
-> http://seclists.org/oss-sec/2013/q4/330

CVE-2013-6381 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6381): Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.
Fix in 3.12.3
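
The class of check the CVE description calls for, a caller-supplied length validated against the fixed command-buffer size before the copy, shown as an added userspace model. This is not the qeth driver's code or the upstream patch; the buffer and header sizes, function names and sample payload are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for this model; NOT the driver's real constants. */
#define CMD_BUF_SIZE 4096u   /* fixed command buffer */
#define CMD_HDR_SIZE 64u     /* headers placed in front of the payload */

static uint8_t cmd_buf[CMD_BUF_SIZE];
static const uint8_t sample_payload[CMD_BUF_SIZE]; /* constructed input */

/* Bound the length by subtracting on the constant side, so a huge
 * req_len cannot wrap the comparison. */
int safe_len_ok(uint32_t req_len)
{
    return req_len <= CMD_BUF_SIZE - CMD_HDR_SIZE;
}

/* Same intent written as an addition: header + req_len wraps in
 * 32 bits, so a very large req_len is wrongly accepted. */
int naive_len_ok(uint32_t req_len)
{
    return (uint32_t)(CMD_HDR_SIZE + req_len) <= CMD_BUF_SIZE;
}

/* Build the command: header, then req_len bytes of caller payload.
 * Returns bytes written to cmd_buf, or -EINVAL if it cannot fit.
 * The caller must supply at least req_len readable bytes. */
int build_snmp_cmd(const uint8_t *payload, uint32_t req_len)
{
    if (!safe_len_ok(req_len))
        return -EINVAL;      /* reject before any copy happens */
    memset(cmd_buf, 0, CMD_HDR_SIZE);
    memcpy(cmd_buf + CMD_HDR_SIZE, payload, req_len);
    return (int)(CMD_HDR_SIZE + req_len);
}

int main(void)
{
    printf("fits:     %d\n", build_snmp_cmd(sample_payload, 100));
    printf("too long: %d\n", build_snmp_cmd(sample_payload, 5000));
    printf("wrapping: naive=%d safe=%d\n",
           naive_len_ok(0xFFFFFFF0u), safe_len_ok(0xFFFFFFF0u));
    return 0;
}
```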