Vigil@nce: Linux kernel, denial of service on Sparc64
June 2009 by Vigil@nce
On a Sparc64 processor, a local attacker can stop the system.
Severity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 03/06/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
Each adapter on a Sparc64 system has its own memory address range
for its direct input/output. For example:
– 1ff80020000-1ff8003ffff : video adapter
– 1ff82000000-1ff82000fff : network adapter
These addresses are indicated in the /proc/iomem file.
The pci_register_iommu_region() function requests a memory area
for a PCI device, and allocates a structure named "resource".
However, the allocated structure is not initialized, so using it
later generates an error and stops the kernel.
On a Sparc64 processor, a local attacker can therefore read the
content of the /proc/iomem file in order to stop the system.
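The failure mode described above, modelled in user-space C as an added example (it is not kernel code and not part of the advisory): a tree node whose link pointers keep stale bytes breaks the listing walk, while a zeroed node does not. The struct layout, the helper names, the 0x6b fill and the IOMMU range are assumptions constructed for the model; the two adapter ranges are the ones listed above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model of a resource-tree node (hypothetical layout). */
struct resource {
    uint64_t start, end;
    struct resource *parent, *sibling, *child;
};

static struct resource pool[8];            /* stand-in for the kernel heap */
static int used;

/* zeroed=0: memory keeps stale bytes (constructed 0x6b fill); zeroed=1: cleared. */
static struct resource *res_alloc(int zeroed) {
    struct resource *r = &pool[used++];
    memset(r, zeroed ? 0 : 0x6b, sizeof(*r));
    return r;
}

/* Model assumption: insertion links parent and sibling only, never child. */
static void res_insert(struct resource *root, struct resource *r, uint64_t s, uint64_t e) {
    r->start = s; r->end = e;
    r->parent = root; r->sibling = root->child; root->child = r;
}

/* Depth-first listing; returns the entry count, or -1 where a link leaves the
 * pool (the point at which real code would dereference a wild pointer). */
static int walk(const struct resource *r) {
    int n = 0;
    for (; r; r = r->sibling) {
        uintptr_t p = (uintptr_t)r;
        if (p < (uintptr_t)pool || p >= (uintptr_t)pool + sizeof(pool)) return -1;
        int c = r->child ? walk(r->child) : 0;
        if (c < 0) return -1;
        n += 1 + c;
    }
    return n;
}

int list_iomem(int zeroed) {
    used = 0;
    struct resource *root = res_alloc(1);
    res_insert(root, res_alloc(1), 0x1ff80020000ULL, 0x1ff8003ffffULL); /* video adapter */
    res_insert(root, res_alloc(1), 0x1ff82000000ULL, 0x1ff82000fffULL); /* network adapter */
    res_insert(root, res_alloc(zeroed), 0xc0000000ULL, 0xffffffffULL);  /* IOMMU region, constructed range */
    return walk(root->child);
}

int main(void) { printf("stale: %d, zeroed: %d\n", list_iomem(0), list_iomem(1)); return 0; }
```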
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8758
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-on-Sparc64-8758