Vigil@nce - Linux kernel: denial of service via request_module
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can force a call to request_module(), to disable
the Out-Of-Memory-Killer, in order to overload the memory.
Impacted products: Linux
Severity: 1/4
Creation date: 03/09/2012
DESCRIPTION OF THE VULNERABILITY
The request_module() function is used by the kernel to load a
module. It is called, for example, when creating a socket that
relies on a module.
The Out-Of-Memory-Killer monitors processes consuming memory, and
decides to kill them, in order to free memory for other processes.
So, a malicious application cannot block the system.
However, if a process consuming memory forces a call to
request_module(), the Out-Of-Memory-Killer cannot kill it, because
the process is in the TASK_UNINTERRUPTIBLE state. The
Out-Of-Memory-Killer is then disabled.
A local attacker can therefore force a call to request_module(),
to disable the Out-Of-Memory-Killer, in order to overload the
memory.
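A triage check for the condition described above, as an added example that is not part of the Vigil@nce bulletin: it flags processes that are in TASK_UNINTERRUPTIBLE (shown as state "D" in /proc/<pid>/stat) while holding a large resident set. The sample lines, the 1 GiB threshold and the 4096-byte page size are constructed assumptions, and "D" is also normal for short I/O waits, so a hit is a lead to investigate rather than proof.

```python
import os

# Constructed /proc/<pid>/stat lines (not captured from a real system).
SAMPLE = [
    "4101 (hog) D 1 4101 4101 0 -1 4194304 0 0 0 0 5 9 0 0 20 0 1 0 1000 2147483648 400000 18446744073709551615",
    "4102 (my (odd) app) D 1 4102 4102 0 -1 4194304 0 0 0 0 1 1 0 0 20 0 1 0 1001 8388608 512 18446744073709551615",
    "4103 (worker) S 1 4103 4103 0 -1 4194304 0 0 0 0 7 3 0 0 20 0 1 0 1002 4294967296 900000 18446744073709551615",
]

def parse_stat(text):
    """Return (pid, comm, state, rss_pages) from one /proc/<pid>/stat line."""
    # comm may contain spaces or ')', so cut at the first '(' and the LAST ')'.
    lpar, rpar = text.index("("), text.rindex(")")
    rest = text[rpar + 1:].split()
    # rest[0] is field 3 (state); rss is field 24, i.e. rest[21].
    return int(text[:lpar]), text[lpar + 1:rpar], rest[0], int(rest[21])

def flag_unkillable_hogs(stat_lines, min_rss_bytes, page_size=4096):
    """List (pid, comm, rss_bytes) for D-state processes above the threshold."""
    hits = []
    for line in stat_lines:
        try:
            pid, comm, state, rss_pages = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated line, or the process exited mid-read
        rss_bytes = rss_pages * page_size
        if state == "D" and rss_bytes >= min_rss_bytes:
            hits.append((pid, comm, rss_bytes))
    return sorted(hits, key=lambda h: -h[2])  # largest first

def read_live_stat(proc="/proc"):
    """Collect stat lines from a live Linux system; skips vanished PIDs."""
    lines = []
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                with open(os.path.join(proc, entry, "stat")) as fh:
                    lines.append(fh.read())
            except OSError:
                pass
    return lines

if __name__ == "__main__":
    source = read_live_stat() if os.path.isdir("/proc/self") else SAMPLE
    for pid, comm, rss in flag_unkillable_hogs(source, 1 << 30):
        print(f"pid={pid} comm={comm} state=D rss={rss // (1 << 20)} MiB")
```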
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-request-module-11915