Vigil@nce - Linux kernel: use after free via __do_follow_link
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a freed memory area in the Linux kernel, in
order to trigger a denial of service, and possibly to execute code.
Impacted products: Linux, RHEL
Severity: 1/4
Creation date: 24/06/2014
DESCRIPTION OF THE VULNERABILITY
The fs/namei.c file of the Linux kernel implements file name
processing.
However, the __do_follow_link() function uses the LAST_NORM type
instead of LAST_BIND, which triggers a useless call to kfree().
Technical details are unknown.
An attacker can therefore use a freed memory area in the Linux
kernel, in order to trigger a denial of service, and possibly to
execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-use-after-free-via-do-follow-link-14928