Vigil@nce: Linux kernel, denial of service via pktgen
November 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use pktgen on a bridge over a VLAN, in order
to stop the kernel.
– Severity: 1/4
– Creation date: 21/11/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can be compiled with the option CONFIG_NET_PKTGEN
which enables pktgen. The pktgen tool is used to simulate the
emission of packets, in order to test a driver implementing the
support for a network device.
Some drivers do not reset the flag IFF_TX_SKB_SHARING (Socket
Kernel Buffers sharing). When pktgen is used on these drivers, a
NULL pointer is then dereferenced.
A local attacker can therefore for example use pktgen on a bridge
over a VLAN, in order to stop the kernel.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-pktgen-11168