Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Linux kernel: denial of service via current_clocksource

June 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

When the kernel is compiled without GENERIC_TIME, a local attacker
can access to current_clocksource, in order to stop the kernel.

Severity: 1/4

Creation date: 23/06/2010

DESCRIPTION OF THE VULNERABILITY

The GENERIC_TIME compilation option enables the synchronization of
time using available counters. This option is enabled by default
on recent kernels.

When GENERIC_TIME is disabled, the clocksource_done_booting()
function of the kernel/time/clocksource.c file does not initialize
the curr_clocksource variable. A local attacker can therefore read
/sys/devices/system/clocksource/clocksource0/current_clocksource,
in order to force the kernel to use an invalid value, which stops
it.

When the kernel is compiled without GENERIC_TIME, a local attacker
can therefore access to current_clocksource, in order to stop the
kernel.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-current-clocksource-9725


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts