News
Vigil@nce: Linux kernel, incorrect permissions on devtmpfs
February 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
On a 2.6.32.x kernel, a local attacker can access to devtmpfs.
Severity: 2/4
Consequences: data reading, data creation/edition
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/02/2010
IMPACTED PRODUCTS
Linux kernel
Mandriva Linux
OpenSUSE
DESCRIPTION OF THE VULNERABILITY
The devtmpfs filesystem was added in the kernel 2.6.32. It is used to create device nodes, before mounting the / root, and before mounting it to /dev.
A vulnerability, related to default access rights to devtmpfs, was announced. Technical details are unknown.
On a 2.6.32.x kernel, a local attacker can thus for example directly access to some restricted devices.
CHARACTERISTICS
Identifiers: CVE-2010-0299, MDVSA-2010:030, SUSE-SA:2010:010, VIGILANCE-VUL-9396
