Vigil@nce - Linux kernel : memory corruption via S390 Four Page Table Levels
mai 2016 par Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate a memory corruption on S390 in the
Linux kernel, in order to trigger a denial of service, and
possibly to run code.
Impacted products : Linux, SUSE Linux Enterprise Desktop, SLES.
Severity : 2/4.
Creation date : 17/03/2016.
DESCRIPTION OF THE VULNERABILITY
The fork() function clones the memory of a process.
However, on S390, if a process has four levels of memory pages (>
4TB), the init_new_context() function does not correctly clone the
memory.
A local attacker can therefore generate a memory corruption on
S390 in the Linux kernel, in order to trigger a denial of service,
and possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN