Vigil@nce - Linux kernel: denial of service of tty_fasync
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate an inter-blocking in tty_fasync(),
in order to stop the system.
Severity: 1/4
Creation date: 15/06/2010
DESCRIPTION OF THE VULNERABILITY
The f_modown() function of the fs/fcntl.c file changes the owner
of a file.
The tty_fasync() function of the drivers/char/tty_io.c file
manages asynchronous access to a TTY. It uses __f_setown() to
change the owner of a file.
However, when both functions are called simultaneously, two locks
used, and an inter-blocking case occurs.
A local attacker can therefore generate an inter-blocking in
tty_fasync(), in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-of-tty-fasync-9710