Vigil@nce - Linux kernel: denial of service via public_key_verify_signature
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can submit an ill formed X.509 certificate to the
function public_key_verify_signature() of the Linux kernel, in
order to trigger a denial of service.
Impacted products: Linux.
Severity: 2/4.
Creation date: 25/01/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel cau use public keys from X.509 certificates.
Before public keys are used, they must be validated. However, the
certificate parser does not check all the constraints and there is
an ill formed certificate the processing of which will trigger an
assertion violation in public_key_verify_signature(), which leads
to a kernel panic.
An attacker can therefore submit an ill formed X.509 certificate
to the function public_key_verify_signature() of the Linux kernel,
in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN