Vigil@nce: Linux kernel, denial of service via epoll tree
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can execute a program creating a complex epoll
structure, in order to overload the kernel.
– Severity: 1/4
– Creation date: 02/03/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The epoll feature is used to wait for events on file descriptors:
– epoll_create() : create an epoll instance
– epoll_ctl() : add, modify or remove a file descriptor watched by an epoll instance
– epoll_wait() : wait for events on the watched descriptors
The epoll_ctl() function adds a file descriptor to an epoll instance. This
file descriptor can itself be another epoll instance, so epoll instances
can be nested.
An attacker can build a large structure of epoll instances containing
other epoll instances, nested on several levels. Whenever the kernel has
to walk this structure (to propagate readiness from an inner instance to
the outer ones, or to validate a new epoll_ctl() insertion), it must visit
the nested instances, and on a deep and wide structure that walk consumes
a lot of CPU time.
A local attacker can therefore execute a program creating such a nested
epoll structure, in order to overload the kernel.
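The nesting mechanism behind the bulletin, as an added example that is not part of the Vigil@nce bulletin and not a reproduction of the overload: the program below chains epoll instances (a pipe watched by the innermost instance, each further instance watching the one below it) and checks that a write to the pipe surfaces as EPOLLIN on the outermost instance. A second function tries to make two instances watch each other; epoll_ctl(2) documents that a kernel with the loop check rejects this with ELOOP, which is a quick way to see whether a kernel enforces nesting limits at all. Linux only; the function names and the depth cap of 4 are this example's own choices.

```c
/* Added example, not code from the Vigil@nce bulletin. Linux only.
 * Demonstrates epoll instances nested inside epoll instances and the
 * ELOOP check that epoll_ctl(2) documents for circular nesting. */
#include <errno.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <unistd.h>

/* Build a chain of `depth` epoll instances: ep[0] watches the pipe's read
 * end, ep[1] watches ep[0], ..., ep[depth-1] is the outermost. Returns 1 if
 * a byte written to the pipe is reported by the outermost instance, 0 if
 * the event did not propagate, -1 on a system call error or bad depth.
 * The cap of 4 (an assumption of this example) keeps the chain under the
 * nesting limit that epoll_ctl(2) documents. */
int nested_epoll_propagates(int depth)
{
    int pipefd[2];
    int ep[4];
    int i, ret = -1;
    struct epoll_event ev = {0};

    if (depth < 1 || depth > 4)
        return -1;
    if (pipe(pipefd) == -1)
        return -1;
    for (i = 0; i < depth; i++)
        ep[i] = -1;

    for (i = 0; i < depth; i++) {
        ep[i] = epoll_create1(EPOLL_CLOEXEC);
        if (ep[i] == -1)
            goto out;
        ev.events = EPOLLIN;
        /* innermost watches the pipe; every other level watches the level below */
        ev.data.fd = (i == 0) ? pipefd[0] : ep[i - 1];
        if (epoll_ctl(ep[i], EPOLL_CTL_ADD, ev.data.fd, &ev) == -1)
            goto out;
    }

    /* Nothing written yet: the outermost instance must report no events. */
    if (epoll_wait(ep[depth - 1], &ev, 1, 0) != 0)
        goto out;

    if (write(pipefd[1], "x", 1) != 1)
        goto out;

    /* Readiness of pipefd[0] makes ep[0] readable, which makes ep[1]
     * readable, and so on up to the outermost instance. */
    ret = (epoll_wait(ep[depth - 1], &ev, 1, 0) == 1 &&
           (ev.events & EPOLLIN) &&
           ev.data.fd == (depth == 1 ? pipefd[0] : ep[depth - 2])) ? 1 : 0;

out:
    for (i = 0; i < depth; i++)
        if (ep[i] != -1)
            close(ep[i]);
    close(pipefd[0]);
    close(pipefd[1]);
    return ret;
}

/* Make epoll instance a watch b, then try to make b watch a. Returns the
 * errno of the second EPOLL_CTL_ADD (ELOOP on a kernel with the loop
 * check), 0 if the kernel accepted the cycle, -1 on an unrelated error. */
int epoll_cycle_errno(void)
{
    int a = epoll_create1(EPOLL_CLOEXEC);
    int b = epoll_create1(EPOLL_CLOEXEC);
    struct epoll_event ev = { .events = EPOLLIN };
    int result = -1;

    if (a == -1 || b == -1)
        goto out;
    ev.data.fd = b;
    if (epoll_ctl(a, EPOLL_CTL_ADD, b, &ev) == -1)
        goto out;
    ev.data.fd = a;
    result = (epoll_ctl(b, EPOLL_CTL_ADD, a, &ev) == -1) ? errno : 0;
out:
    if (a != -1) close(a);
    if (b != -1) close(b);
    return result;
}

int main(void)
{
    printf("event propagated through 3 nested epoll instances: %d\n",
           nested_epoll_propagates(3));
    printf("errno when closing a cycle: %d (ELOOP is %d)\n",
           epoll_cycle_errno(), ELOOP);
    return 0;
}
```

The propagation is what makes the structure expensive for the kernel: every level between the pipe and the outermost instance is visited on each readiness change, and an instance may be inserted into more than one parent, so the work grows with both the depth and the width of what the attacker builds. A kernel that returns 0 instead of ELOOP from the second function has no loop check at all and deserves a closer look.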
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-epoll-tree-10418