Vigil@nce: FreeBSD, denial of service via SCHED_ULE
March 2010 by Vigil@nce
When the SCHED_ULE scheduler is used, a local attacker on a
multiprocessor system can block FreeBSD.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 01/03/2010
IMPACTED PRODUCTS
– FreeBSD
DESCRIPTION OF THE VULNERABILITY
The FreeBSD system uses two implementations of the thread/process
scheduler:
– SCHED_4BSD (by default on FreeBSD <=>
= 7.1)
With SCHED_ULE, each CPU has a locked queue. When a thread is
transfered from one CPU to another one, SCHED_ULE locks the source
and destination CPU queues. However, if two other threads are
transfered during this time range, they wait indefinitely for a
lock to be freed. The associated CPUs are then unused.
When the SCHED_ULE scheduler is used, a local attacker on a
multiprocessor system can therefore block FreeBSD.
CHARACTERISTICS
– Identifiers: FreeBSD-EN-10:02.sched_ule, VIGILANCE-VUL-9479
– Url: http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-via-SCHED-ULE-9479