Vigil@nce - Linux kernel: use after free via ath_tx_aggr_sleep
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a freed memory area in the ath_tx_aggr_sleep()
function of the Linux kernel, in order to trigger a denial of
service, and possibly to execute code.
– Impacted products: Linux
– Severity: 2/4
– Creation date: 31/03/2014
DESCRIPTION OF THE VULNERABILITY
The ath9k driver is used for wireless network devices.
However, the ath_tx_aggr_sleep() function can free twice a linked
list.
An attacker can therefore use a freed memory area in the
ath_tx_aggr_sleep() function of the Linux kernel, in order to
trigger a denial of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-use-after-free-via-ath-tx-aggr-sleep-14499