News
Vigil@nce - Linux kernel: memory corruption via kiocb
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create an error in the kiocb processing, in order to stop the system, and possibly to execute code.
Severity: 2/4
Creation date: 18/01/2012
IMPACTED PRODUCTS
Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports AIO (Asynchrounous IO) in order to transfer data efficiently.
The kiocb structure of the kernel stores information on AIO. Since version 3.2, a user can request the usage of a group of kiocb ("batch"). However, if an error occurs in the processing of one of the kiocb, the kiocb_batch_free() function frees a memory area which is still used.
A local attacker can therefore create an error in the kiocb processing, in order to stop the system, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
