Vigil@nce - Linux kernel: memory access via PowerPC KGDB
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the kernel is compiled with KGDB support and runs on a
PowerPC processor, a local attacker can write to all memory
pages.
Severity: 2/4
Creation date: 30/04/2010
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can be compiled with KGDB support, so that it
can be debugged with gdb.
However, in this case, the kernel does not check whether the user
is allowed to access a memory page:
– in the settlbcam() function of the arch/powerpc/mm/fsl_booke_mmu.c file
– in the setbat() function of the arch/powerpc/mm/ppc_mmu_32.c file
When the kernel is compiled with KGDB support and runs on a
PowerPC processor, a local attacker can therefore write to all
memory pages.
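The following check is an added example, not part of the Vigil@nce bulletin. It tests a kernel build configuration for the two conditions named above: KGDB compiled in (Kconfig symbol CONFIG_KGDB) and a PowerPC build (CONFIG_PPC). The function names and sample configs are constructed for illustration, and the check covers only the build condition, since this page does not list affected kernel versions.

```shell
#!/bin/sh
# Added example: does a kernel config meet the bulletin's two conditions?

# config_enabled FILE SYMBOL -> 0 if FILE (plain text or gzip) has SYMBOL=y.
# A line such as "# CONFIG_KGDB is not set" does not match.
config_enabled() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac 2>/dev/null | grep -q "^$2=y\$"
}

# kgdb_ppc_exposure FILE
# Returns 0 = KGDB and PowerPC both enabled, 1 = at least one absent,
#         2 = configuration file not readable.
kgdb_ppc_exposure() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 2; }
    if config_enabled "$1" CONFIG_KGDB && config_enabled "$1" CONFIG_PPC; then
        echo "exposed: KGDB compiled in on a PowerPC build ($1)"
        return 0
    fi
    echo "not exposed by this configuration ($1)"
    return 1
}

# find_running_config -> prints the running kernel's config path, if any.
find_running_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Constructed sample configs (not taken from any real system).
sample_dir=$(mktemp -d)
printf 'CONFIG_PPC=y\nCONFIG_KGDB=y\n' > "$sample_dir/ppc_kgdb"
printf 'CONFIG_PPC=y\n# CONFIG_KGDB is not set\n' > "$sample_dir/ppc_nokgdb"
kgdb_ppc_exposure "$sample_dir/ppc_kgdb" || true
kgdb_ppc_exposure "$sample_dir/ppc_nokgdb" || true
rm -rf "$sample_dir"
```

On a live host, `kgdb_ppc_exposure "$(find_running_config)"` applies the same check to the running kernel when its configuration is published under /boot or /proc/config.gz.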
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-access-via-PowerPC-KGDB-9622