Vigil@nce - Linux kernel: denial of service via pmd_bad
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use memory pages in order to stop the system.
Severity: 1/4
Creation date: 16/03/2012
IMPACTED PRODUCTS
– Fedora
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The madvise() system call lets developers tell the kernel how to
manage memory.
A local attacker can create a process with two threads:
– a thread which calls madvise()
– a thread which generates a page fault
However, in this case, a Page Middle Directory (PMD) pmd_bad()
assertion error occurs and stops the kernel.
A local attacker can therefore use memory pages in order to stop
the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-pmd-bad-11453