Vigil@nce: Linux kernel, denial of service via ftrace
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When DebugFS is enabled, a local attacker can use ftrace in order
to stop the system.
– Severity: 1/4
– Creation date: 21/09/2010
DESCRIPTION OF THE VULNERABILITY
The DebugFS virtual file system is used to debug changes on an
ext2 file system.
The ftrace feature profiles events of an application. The filter
set_ftrace_filter defines operations to monitor (open, read,
write, llseek, etc.).
The llseek() operation changes the position of the cursor in a
file. However, when llseek() is traced on DebugFS, a NULL pointer
is dereferenced.
When DebugFS is enabled, a local attacker can therefore use ftrace
in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-ftrace-9958