Vigil@nce - Linux kernel: denial of service via current_clocksource
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the kernel is compiled without GENERIC_TIME, a local attacker
can access current_clocksource in order to stop the kernel.
Severity: 1/4
Creation date: 23/06/2010
DESCRIPTION OF THE VULNERABILITY
The GENERIC_TIME compilation option enables the synchronization of
time using available counters. This option is enabled by default
on recent kernels.
When GENERIC_TIME is disabled, the clocksource_done_booting()
function of the kernel/time/clocksource.c file does not initialize
the curr_clocksource variable. A local attacker can therefore read
/sys/devices/system/clocksource/clocksource0/current_clocksource
to force the kernel to use an invalid value, which stops the
kernel.
When the kernel is compiled without GENERIC_TIME, a local attacker
can therefore access current_clocksource in order to stop the
kernel.
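One way to check a host against the condition described above, as an added example (not code from the bulletin or from the kernel project): it classifies a kernel build config by its CONFIG_GENERIC_TIME line. The config locations /boot/config-$(uname -r) and /proc/config.gz and all function names are assumptions; a config that carries no such symbol is reported as undecided rather than as affected.

```shell
#!/bin/sh
# Added example: classify a kernel build config by the GENERIC_TIME condition
# named in the bulletin. It inspects the build configuration only and never
# opens the sysfs clocksource files.

# generic_time_state FILE -> prints enabled | disabled | absent | unreadable
generic_time_state() {
    cfg_file=$1
    [ -r "$cfg_file" ] || { echo unreadable; return 0; }
    # /proc/config.gz (and some saved configs) are gzip-compressed
    case $cfg_file in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # Anchored patterns so CONFIG_GENERIC_TIME_VSYSCALL is not mistaken for it
    if $reader "$cfg_file" | grep -q '^CONFIG_GENERIC_TIME=y$'; then
        echo enabled
    elif $reader "$cfg_file" | grep -q '^# CONFIG_GENERIC_TIME is not set$'; then
        echo disabled
    else
        echo absent
    fi
}

# find_running_config -> prints the running kernel's config path, if exposed
find_running_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        if [ -r "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# report FILE -> one human-readable line per config
report() {
    case $(generic_time_state "$1") in
        enabled)  echo "$1: GENERIC_TIME enabled, bulletin's condition not met" ;;
        disabled) echo "$1: GENERIC_TIME disabled, matches the bulletin's condition" ;;
        absent)   echo "$1: no GENERIC_TIME symbol, cannot decide from the config alone" ;;
        *)        echo "$1: config not readable" ;;
    esac
}

# Usage: sh check.sh [kernel-config]; defaults to the running kernel's config
cfg=${1:-$(find_running_config || true)}
if [ -n "$cfg" ]; then report "$cfg"; else echo "no kernel config exposed on this host"; fi
```

A "disabled" result only shows that the build matches the precondition stated in the bulletin; the affected kernel versions are not given on this page.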
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-current-clocksource-9725