Vigil@nce: Linux kernel, denial of service via get_user_pages
July 2008 by Vigil@nce
A local attacker can request several memory pages in order to
progressively consume available memory.
– Gravity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 08/07/2008
– Identifier: VIGILANCE-VUL-7936
IMPACTED PRODUCTS
Linux kernel [confidential versions]
DESCRIPTION
The get_user_pages() file of the mm/memory.c file provides memory
pages to user.
However, due to a logic error, useless pages, previously
identified as ZERO_PAGE, are reserved.
A local attacker can therefore request several memory pages in
order to progressively consume available memory.
CHARACTERISTICS
– Identifiers: CVE-2008-2372, VIGILANCE-VUL-7936
– Url: https://vigilance.aql.fr/tree/1/7936