Vigil@nce: Linux kernel, denial of service via do_mremap
January 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can call the mmap()/mremap() system calls in
order to stop the system.
Severity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 19/01/2010
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The mmap() system call is used to map a file into memory. The
mremap() call modifies an existing mapping, and is implemented by
the do_mremap() function of the kernel.
Depending on the flags passed to mremap(), and on the architecture
(arm, ia64, s390, sparc, x86, etc.), there are memory addresses or
actions which should be forbidden. However, do_mremap() does not
check all these cases, which generally leads to a denial of
service.
A local attacker can therefore call the mmap()/mremap() system
calls in order to stop the system.
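An added example, not taken from the advisory or from the kernel source: a userspace C model of the argument rules documented in mremap(2), showing the kind of flag- and address-dependent validation discussed above. The helper name check_mremap_args, the EX_ constants and the page_size/task_size inputs are assumptions for illustration; the advisory does not list which specific checks were missing.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values as defined in the Linux UAPI header <linux/mman.h>. */
#define EX_MREMAP_MAYMOVE 1u
#define EX_MREMAP_FIXED   2u

/* Hypothetical helper (a simplified model, not kernel code): returns 0 if
 * the request passes the documented mremap(2) argument rules, -EINVAL
 * otherwise. page_size and task_size (top of the user address space) vary
 * per architecture and are supplied by the caller as assumptions. */
int check_mremap_args(uint64_t old_addr, uint64_t old_len, uint64_t new_len,
                      unsigned flags, uint64_t new_addr,
                      uint64_t page_size, uint64_t task_size)
{
    uint64_t mask = page_size - 1;

    if (flags & ~(EX_MREMAP_MAYMOVE | EX_MREMAP_FIXED))
        return -EINVAL;               /* unknown flag bits */
    if (old_addr & mask)
        return -EINVAL;               /* old address not page aligned */
    if (new_len == 0)
        return -EINVAL;               /* zero-sized result */
    if (old_len > task_size || old_addr > task_size - old_len)
        return -EINVAL;               /* model: old range leaves user space */
    if (!(flags & EX_MREMAP_FIXED))
        return 0;                     /* kernel chooses the destination */

    if (!(flags & EX_MREMAP_MAYMOVE))
        return -EINVAL;               /* FIXED is only valid with MAYMOVE */
    if (new_addr & mask)
        return -EINVAL;               /* destination not page aligned */
    if (new_len > task_size || new_addr > task_size - new_len)
        return -EINVAL;               /* destination beyond user space (wrap-safe) */
    if (new_addr < old_addr + old_len && old_addr < new_addr + new_len)
        return -EINVAL;               /* destination overlaps the source */
    return 0;
}

int main(void)
{
    /* Constructed request: identical arguments, two address-space limits. */
    uint64_t dst = (1ULL << 47) - 0x1000;
    printf("47-bit limit: %d\n",
           check_mremap_args(0x10000, 0x2000, 0x4000, 3, dst, 4096, 1ULL << 47));
    printf("63-bit limit: %d\n",
           check_mremap_args(0x10000, 0x2000, 0x4000, 3, dst, 4096, 1ULL << 63));
    return 0;
}
```

The two calls in main() differ only in task_size, which is why the same request can be acceptable on one architecture and out of range on another.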
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-9359
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-do-mremap-9359