Vigil@nce: Linux kernel, denial of service via posix-cpu-timers
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a multi-threaded process using POSIX
timers, in order to stop the system.
– Severity: 1/4
– Creation date: 23/11/2010
DESCRIPTION OF THE VULNERABILITY
The kernel/posix-cpu-timers.c file implements timers used by
system calls such as nanosleep() and clock_getres().
When a process ends, the posix_cpu_timer_del() function deletes
current timers. If the thread group leader changed, the
posix_cpu_timers_exit_group() function is not called. This case is
not implemented, and the BUG_ON() macro stops the kernel.
A local attacker can therefore create a multi-threaded process
using POSIX timers, in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-posix-cpu-timers-10147