Vigil@nce: Linux kernel, denial of service via mprotect perf
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use mprotect(), in order to stop the system.
– Severity: 1/4
– Creation date: 15/11/2010
DESCRIPTION OF THE VULNERABILITY
The mprotect() system call defines the access type (read, write,
execute) of memory pages.
This function calls perf_event_mmap() to record the memory
processing event. However, the mprotect_fixup() function can merge
two memory areas, so the perf_event_mmap() parameter becomes
invalid.
A local attacker can therefore use mprotect(), in order to stop
the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-mprotect-perf-10128