Published on 12 january 2005
Issue:
======
A locally exploitable flaw has been found in the Linux page fault handler
code that allows users to gain root privileges if running on a
multiprocessor machine.
Details:
========
The Linux kernel is the core software component of a Linux environment
and is responsible for managing machine resources. One of the
functions of an operating system kernel is handling virtual memory.
On Linux, virtual memory is provided on demand when an application accesses
virtual memory areas.
One of the core components of the Linux VM subsystem is the page fault
handler that is called if applications try to access virtual memory
currently not physically mapped or not available in their address space.
The page fault handler has the function of properly identifying the type of
the requested virtual memory access and taking the appropriate action to
allow or deny the application's VM request. Actions taken may also include a
stack expansion if the access goes just below the application's current stack
limit.
An exploitable race condition exists in the page fault handler if two
concurrent threads sharing the same virtual memory space request stack
expansion at the same time. It is only exploitable on multiprocessor
machines (that also includes systems with hyperthreading).
More details at http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
TuTTle
--
--------------------------------------------------------------------------------------
PGP Public Key = http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x63DB4770
Key ID = 63DB4770 Tuttle (JFM) <b4b1@free.fr>
--------------------------------------------------------------------------------------