Vigil@nce - Linux kernel: denial of service via release_one_tty
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use ttys to cause a resource leak in the
kernel.
Severity: 1/4
Creation date: 15/04/2010
DESCRIPTION OF THE VULNERABILITY
The release_one_tty() function in the drivers/char/tty_io.c file
is called when a tty (terminal interface) is closed.
This function calls free_tty_struct() to free the tty structure,
which contains the pgrp (process group id) and session fields.
However, the pids (process ids) associated with these fields are
not freed.
A local attacker can therefore use ttys to cause a resource leak
in the kernel.
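The leak pattern described above, as an added user-space model (not kernel code and not part of the original bulletin): it compares a release path that only frees the tty structure with one that first drops the references held in pgrp and session. All names (model_pid, model_tty, tty_attach, release_leaky, release_balanced, leaked_after) are hypothetical, and the model assumes the tty holds one counted reference per field.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model only: every name here is hypothetical, not a kernel symbol. */
struct model_pid { int refs; };
struct model_tty { struct model_pid *pgrp, *session; };
static int live_pids; /* model_pid objects currently allocated */
static struct model_pid *pid_new(void) {
    struct model_pid *p = malloc(sizeof *p);
    if (!p) abort();
    p->refs = 1; live_pids++;
    return p;
}
static struct model_pid *pid_get(struct model_pid *p) { p->refs++; return p; }
static void pid_put(struct model_pid *p) {
    if (--p->refs == 0) { free(p); live_pids--; }
}
/* Assumption: the tty holds one counted reference for each of its two fields. */
static struct model_tty *tty_attach(struct model_pid *pgrp, struct model_pid *session) {
    struct model_tty *t = malloc(sizeof *t);
    if (!t) abort();
    t->pgrp = pid_get(pgrp);
    t->session = pid_get(session);
    return t;
}

/* Behaviour the bulletin describes: the structure is freed, the pids are not. */
static void release_leaky(struct model_tty *t) { free(t); }

/* Balanced release: drop both references, then free the structure. */
static void release_balanced(struct model_tty *t) {
    pid_put(t->pgrp);
    pid_put(t->session);
    free(t);
}

/* Run `cycles` tty lifetimes; return how many pid objects remain allocated. */
static int leaked_after(int cycles, void (*release)(struct model_tty *)) {
    live_pids = 0;
    for (int i = 0; i < cycles; i++) {
        struct model_pid *pgrp = pid_new(), *session = pid_new();
        release(tty_attach(pgrp, session));
        pid_put(pgrp); pid_put(session); /* owning process exits, drops its refs */
    }
    return live_pids;
}

int main(void) {
    printf("%d %d\n", leaked_after(1000, release_leaky), leaked_after(1000, release_balanced));
    return 0;
}
```

In the leaky variant each cycle strands two pid objects whose reference count can never reach zero, so the count grows linearly with the number of tty lifetimes.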
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-release-one-tty-9593