Vigil@nce - Linux kernel: denial of service via bfa and fc_host
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the system has a Brocade Fibre Channel device, a local
attacker can read the fc_host statistics, in order to create a
denial of service.
Severity: 1/4
Creation date: 08/12/2010
DESCRIPTION OF THE VULNERABILITY
The drivers/scsi/bfa directory implements support for Brocade
Fibre Channel network devices, which are used to access remote
drives via SCSI-FCP (SCSI Fibre Channel Protocol).
The /sys/class/fc_host/host0/statistics virtual file displays
statistics about the first SCSI-FCP association. However, the bfa
driver does not initialize data structures related to physical and
virtual ports. When the kernel tries to generate this information
for the statistics, it therefore reads invalid memory areas.
When the system has a Brocade Fibre Channel device, a local
attacker can therefore read the fc_host statistics, in order to
create a denial of service.
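For inventory purposes, the following added example (not part of the Vigil@nce bulletin) lists the SCSI hosts that are driven by bfa and expose fc_host statistics, without reading the statistics themselves. It assumes the driver name appears as "bfa" in /sys/class/scsi_host/hostN/proc_name; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find hosts matching the bulletin's condition
# (Brocade bfa driver + fc_host statistics entry present).
# The statistics entry is only tested for existence, never read.

# list_bfa_fc_hosts [SYSFS_ROOT]  -> prints one host name per line
list_bfa_fc_hosts() {
    root="${1:-/sys}"
    for h in "$root"/class/fc_host/host*; do
        [ -d "$h" ] || continue            # no fc_host entries at all
        name=$(basename "$h")
        proc="$root/class/scsi_host/$name/proc_name"
        [ -r "$proc" ] || continue         # driver name not exposed
        drv=$(cat "$proc")
        # Assumption: the bfa driver reports itself as "bfa" here.
        if [ "$drv" = "bfa" ] && [ -e "$h/statistics" ]; then
            echo "$name"
        fi
    done
}

# build_sample_sysfs -> prints the path of a constructed test tree:
#   host0: bfa with statistics      (should be reported)
#   host1: another driver           (should be ignored)
#   host2: bfa without statistics   (should be ignored)
build_sample_sysfs() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/class/fc_host/host0/statistics" "$t/class/scsi_host/host0"
    echo bfa > "$t/class/scsi_host/host0/proc_name"
    mkdir -p "$t/class/fc_host/host1/statistics" "$t/class/scsi_host/host1"
    echo qla2xxx > "$t/class/scsi_host/host1/proc_name"
    mkdir -p "$t/class/fc_host/host2" "$t/class/scsi_host/host2"
    echo bfa > "$t/class/scsi_host/host2/proc_name"
    echo "$t"
}

# Stand-alone use: inspect the real sysfs (or a root given as $1).
list_bfa_fc_hosts "${1:-/sys}"
```

Hosts printed by this check are the ones to prioritise for the kernel update referenced in the complete bulletin.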
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-bfa-and-fc-host-10184