A Linux kernel bug on RedHat Enterpise Linux 5 and SuSE Linux Enterprise Server 10 and 11 in the Linux Auditing subsystem can result in a crash with the presence of either SCSP driver (RT-FIM or IPS) loaded on the system.
The risk of running into this issue exists in the following conditions:
1) Running RHEL5 or SLES 10 or 11
2) Linux Audit subsystem enabled with rules (auditctl -l, and -s)
3) SCSP RT-FIM or IPS drivers loaded
Note: Having the IDS filewatch rules applied to the RT-FIM driver and/or IPS policies increases the risk of exposure to the bug.
The following options are available to avoid a crash:
A. Disable the Linux Audit subsystem and remove the audit rules
B. Disable the SCSP RT‐FIM and IPS drivers
C. Upgrade to RHEL6
D. SCSP version 5.2 RU9 MP3 will also have an update to address this issue
RedHat Enterprise Linux 5 and SuSE Linux Enterprise Server 10 and 11.
Note: RedHat has addressed this issue in RHEL6. The fix has not been made in RHEL5 or any current version of SLES kernel.