Vigil@nce: Linux kernel, denial of service of parisc_show_stack
December 2008 by Vigil@nce
When Linux is installed on a PA-RISC processor, a local attacker
can stop the system.
– Gravity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 11/12/2008
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION
The Linux kernel can be installed on a PA-RISC processor.
When an error occurs in an interruption, the stack of calling
functions is displayed ("stacktrace") by parisc_show_stack().
A local attacker can change the stack of his process, to force
parisc_show_stack() to use invalid memory addresses. These
addresses create an error in unwind_once(), used to unwind one
function, which panics the kernel.
When Linux is installed on a PA-RISC processor, a local attacker
can thus stop the system.
CHARACTERISTICS
– Identifiers: BID-32636, CVE-2008-5395, VIGILANCE-VUL-8326
– Url: http://vigilance.fr/vulnerability/8326