oss-sec mailing list archives

Re: CVE request: Linux kernel DoS with syscall auditing


From: Greg KH <greg () kroah com>
Date: Wed, 28 May 2014 14:53:31 -0700

On Wed, May 28, 2014 at 02:45:59PM -0700, Andy Lutomirski wrote:
Issuing a system call with a random large number will OOPS, depending
on configuration.  A configuration that will enable this bug is:

# auditctl -a exit,always -S open

No privilege whatsoever is required to trigger the OOPS.

It's possible that this can be extended to more than just a DoS --
with some care and willingness to exploit timing attacks, this is a
read of arbitrary single bits in kernel memory.

Is there a kernel fix for this anywhere?

thanks,

greg k-h


Current thread: