Vigil@nce: Linux kernel, incorrect permissions on devtmpfs
February 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
On a 2.6.32.x kernel, a local attacker can access to devtmpfs.
Severity: 2/4
Consequences: data reading, data creation/edition
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/02/2010
IMPACTED PRODUCTS
– Linux kernel
– Mandriva Linux
– OpenSUSE
DESCRIPTION OF THE VULNERABILITY
The devtmpfs filesystem was added in the kernel 2.6.32. It is used
to create device nodes, before mounting the / root, and before
mounting it to /dev.
A vulnerability, related to default access rights to devtmpfs, was
announced. Technical details are unknown.
On a 2.6.32.x kernel, a local attacker can thus for example
directly access to some restricted devices.
CHARACTERISTICS
Identifiers: CVE-2010-0299, MDVSA-2010:030, SUSE-SA:2010:010,
VIGILANCE-VUL-9396
http://vigilance.fr/vulnerability/Linux-kernel-incorrect-permissions-on-devtmpfs-9396