Vigil@nce - Linux kernel: denial of service via proc_oom_score
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can overload the system, and force the kernel to
use proc_oom_score, in order to stop the system.
Severity: 1/4
Creation date: 14/04/2010
DESCRIPTION OF THE VULNERABILITY
The "OOM Killer" feature of the kernel is used to kill a process
when the system is Out Of Memory.
The /proc/[pid]/oom_score file indicates the score of a process.
This number is used to compute the first process to be killed.
The proc_oom_score() function of the fs/proc/base.c file computes
this score. However, if the process has just died, this function
dereferences an invalid pointer, which stops the kernel.
A local attacker can therefore overload the system, create a low
priority process, kill it, and read /proc/[pid]/oom_score, in
order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-proc-oom-score-9588