Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: FreeBSD, denial of service via SCHED_ULE

March 2010 by Vigil@nce

When the SCHED_ULE scheduler is used, a local attacker on a multiprocessor system can block FreeBSD.

- Severity: 1/4
- Consequences: denial of service of computer
- Provenance: user shell
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 01/03/2010

IMPACTED PRODUCTS

- FreeBSD

DESCRIPTION OF THE VULNERABILITY

The FreeBSD system uses two implementations of the thread/process scheduler:
- SCHED_4BSD (by default on FreeBSD <= 7.0)
- SCHED_ULE (by default on FreeBSD >= 7.1)

With SCHED_ULE, each CPU has a locked queue. When a thread is transfered from one CPU to another one, SCHED_ULE locks the source and destination CPU queues. However, if two other threads are transfered during this time range, they wait indefinitely for a lock to be freed. The associated CPUs are then unused.

When the SCHED_ULE scheduler is used, a local attacker on a multiprocessor system can therefore block FreeBSD.

CHARACTERISTICS

- Identifiers: FreeBSD-EN-10:02.sched_ule, VIGILANCE-VUL-9479
- Url: http://vigilance.fr/vulnerability/F...




See previous articles

    

See next articles