Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Linux kernel: denial of service via IOCB_FLAG_RESFD

November 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

A local attacker can use IOCB_FLAG_RESFD, in order to stop the
kernel.

Severity: 1/4

Creation date: 10/11/2010

DESCRIPTION OF THE VULNERABILITY

The Linux kernel supports AIO (Asynchronous Input Output).

The aicb structure contains the aio_resfd field which indicates
the file descriptor of the eventfd where to deliver results. The
IOCB_FLAG_RESFD flag indicates that eventfd was set.

However, if the file descriptor is invalid, an error occurs, and
then the req->ki_filp pointer, which is NULL, is dereferenced.

A local attacker can therefore use IOCB_FLAG_RESFD, in order to
stop the kernel.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-IOCB-FLAG-RESFD-10120


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts