Vigil@nce - Linux kernel: infinite loop of perf_callchain_user_64
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a program with a malicious stack
layout, in order to generate an infinite loop in the
perf_callchain_user_64() function of the Linux kernel.
Impacted products: Linux.
Severity: 1/4.
Creation date: 18/08/2015.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can be installed on a ppc64 processor.
The perf_callchain_user_64() function of the
arch/powerpc/perf/callchain.c file builds the list of function
calls by unwinding the stack, in order to log this information.
However, there is no limit on the number of functions it unwinds.
A local attacker can therefore create a program with a malicious
stack layout, in order to generate an infinite loop in the
perf_callchain_user_64() function of the Linux kernel.
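The missing bound described above, shown as an added example that is not the kernel's code: a simplified model of a frame-chain walker that stops after a fixed number of entries. The struct frame layout, MAX_DEPTH, NO_FRAME and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH 8          /* assumed cap on recorded entries in this model */
#define NO_FRAME  SIZE_MAX   /* end-of-chain marker in this model */

/* Simulated user stack frame: index of the caller's frame and a return address. */
struct frame {
    size_t   back_chain;
    uint64_t return_addr;
};

/* Walk the chain from 'start', storing return addresses in 'out'.
 * Stops at end of chain, at an out-of-range link, or after MAX_DEPTH
 * entries. Returns the number of entries recorded. */
size_t walk_callchain(const struct frame *stack, size_t nframes,
                      size_t start, uint64_t out[MAX_DEPTH])
{
    size_t depth = 0, cur = start;

    while (cur != NO_FRAME && cur < nframes && depth < MAX_DEPTH) {
        out[depth++] = stack[cur].return_addr;
        cur = stack[cur].back_chain;   /* untrusted: comes from user memory */
    }
    return depth;
}

/* Constructed sample: a well-formed three-frame chain. */
size_t demo_normal(void)
{
    struct frame stack[3] = { {1, 0x1000}, {2, 0x2000}, {NO_FRAME, 0x3000} };
    uint64_t out[MAX_DEPTH];
    return walk_callchain(stack, 3, 0, out);
}

/* Constructed sample: a chain that never reaches an end marker. */
size_t demo_cyclic(void)
{
    struct frame stack[2] = { {1, 0x1000}, {0, 0x2000} };
    uint64_t out[MAX_DEPTH];
    return walk_callchain(stack, 2, 0, out);
}

int main(void)
{
    printf("normal=%zu cyclic=%zu\n", demo_normal(), demo_cyclic());
    return 0;
}
```

Without the depth < MAX_DEPTH condition, the walk over the second sample would not terminate, because every link it follows stays in range.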
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-infinite-loop-of-perf-callchain-user-64-17693