Vigil@nce - Linux kernel: denial of service via futex
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use a futex in a process calling execve(), in
order to stop the kernel.
Severity: 1/4
Creation date: 05/01/2012
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
A futex (Fast Userspace Mutex) is a locking mechanism that uses
atomic operations on an integer.
The execve() system call replaces the current process with a new
process.
When a process uses a futex, and then calls exit(), the futex is
freed. However, it is not freed during the call to execve(). The
system thus becomes unstable.
A local attacker can therefore use a futex in a process calling
execve(), in order to stop the kernel.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-futex-11258