Vigil@nce - FreeBSD: unreachable memory reading via vt
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can force a read at an invalid address with a vt
of FreeBSD, in order to trigger a denial of service.
Impacted products: FreeBSD
Severity: 1/4
Creation date: 25/02/2015
DESCRIPTION OF THE VULNERABILITY
The support of virtual devices (vt) can be enabled on FreeBSD.
However, if a user requests a negative vt index, the
sys/dev/vt/vt_core.c file tries to read a memory area which is not
reachable, which triggers a fatal error.
A local attacker can therefore force a read at an invalid address
with a vt of FreeBSD, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-unreachable-memory-reading-via-vt-16254