Vigil@nce: Linux kernel, denial of service on x86_64
February 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
On an x86_64 processor, a local attacker can use a malicious ELF
program to stop the system.
Consequences: denial of service of computer
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/02/2010
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
System calls (select(), poll(), etc.) and memory layout differ
between operating systems. For example, a program written for the
Solaris select() may not work with the Linux select() because of
minor differences in behavior.
Personalities (or execution domains) indicate how the kernel has
– PER_LINUX: normal mode for Linux
– PER_SOLARIS: emulate the Solaris kernel
– PER_IRIX32: emulate the IRIX kernel
On an x86_64 processor, an attacker can start a 32-bit application
which uses execve() to run a 64-bit program, and this call fails.
However, the SET_PERSONALITY() macro has already been called during
the execve(). The calling program thus obtains a 64-bit personality
although it is still a 32-bit program, which corrupts its state and
stops the kernel.
On an x86_64 processor, a local attacker can therefore use a
malicious ELF program to stop the system.
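The ordering problem described above, as a simplified user-space model in C (an added example, not kernel code and not part of the original advisory). The struct, the function names and the load_ok flag, which stands in for whichever later exec step fails, are assumptions; the late-switch variant shows the general remedy for this class of bug, not the specific kernel patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* User-space model only, not kernel code; every name here is hypothetical. */
enum width { W32 = 1, W64 = 2 };          /* same values as ELFCLASS32/64 */
struct task {
    enum width image;        /* word size of the code actually running */
    enum width personality;  /* word size the kernel assumes for the task */
};
/* Constructed sample: first bytes of a 64-bit ELF header (magic + EI_CLASS). */
static const unsigned char SAMPLE_ELF64[5] = { 0x7f, 'E', 'L', 'F', 2 };

/* Return the ELF class in the header, or 0 if it is not a usable ELF header. */
int elf_class(const unsigned char *h, size_t n)
{
    if (n < 5 || memcmp(h, "\x7f" "ELF", 4) != 0) return 0;
    return (h[4] == W32 || h[4] == W64) ? h[4] : 0;
}

/* Ordering the advisory describes: personality changes before exec can fail.
 * load_ok stands in for the later exec steps; false means one of them failed. */
int exec_early_switch(struct task *t, const unsigned char *h, size_t n, bool load_ok)
{
    int cls = elf_class(h, n);
    if (!cls) return -1;
    t->personality = (enum width)cls;     /* the SET_PERSONALITY() step */
    if (!load_ok) return -1;              /* caller keeps running its old image */
    t->image = (enum width)cls;
    return 0;
}

/* Safer ordering: change task state only after every fallible step has passed. */
int exec_late_switch(struct task *t, const unsigned char *h, size_t n, bool load_ok)
{
    int cls = elf_class(h, n);
    if (!cls || !load_ok) return -1;
    t->personality = t->image = (enum width)cls;
    return 0;
}

/* A 32-bit task whose exec of the sample fails: is its state still coherent? */
bool consistent_after_failed_exec(bool late)
{
    struct task t = { W32, W32 };
    (late ? exec_late_switch : exec_early_switch)(&t, SAMPLE_ELF64, sizeof SAMPLE_ELF64, false);
    return t.image == t.personality;
}
int main(void) { return consistent_after_failed_exec(true) ? 0 : 1; }
```

With the early switch, the failed exec leaves a 32-bit image carrying a 64-bit personality, which is the mismatch the description refers to; with the late switch the task is untouched.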
Identifiers: BID-38027, CVE-2010-0307, VIGILANCE-VUL-9395