News
Vigil@nce: Linux kernel, denial of service via GFS
March 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can lock a file on a GFS system, in order to stop the kernel.
Severity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/03/2010
IMPACTED PRODUCTS
Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports GFS (Global File System).
A file can be locked with two modes:
advisory locking : the process manages parallel accesses,
before each read()/write()
mandatory locking : the system manages parallel accesses, by
checking the bit Sgid without the bit GroupExecute during each
read()/write()
A local attacker can lock a GFS file with an "advisory locking", and then change the file mode to simulate a "mandatory locking". When the file is locked, the kernel does not manage this special case, and calls the BUG() macro.
A local attacker can therefore lock a file on a GFS system, in order to stop the kernel.
CHARACTERISTICS
Identifiers: 570863, CVE-2010-0727, VIGILANCE-VUL-9513
