win32sux
04-23-2011 01:20 AM
Linux Kernel Denial of Service and Privilege Escalation Vulnerabilities
Quote:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
1) Integer overflow errors within the "agp_generic_insert_memory()" and "agp_generic_remove_memory()" functions in drivers/char/agp/generic.c can be exploited to cause a buffer overflow via e.g. specially crafted AGPIOC_BIND and AGPIOC_UNBIND IOCTLs.
2) The implementation of the AGPIOC_RESERVE and AGPIOC_ALLOCATE IOCTLs does not properly handle and track memory allocations, which can be exploited to cause an OOM (Out Of Memory) situation.
Successful exploitation requires access to the "/dev/agpgart" device (usually group "video").
Secunia Advisory
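Added example, not part of the original post or the advisory and not the kernel's own code: a simplified model of the bug class in item 1, where a range check that adds a caller-supplied start and count can wrap, shown beside a check that cannot. The names `NUM_ENTRIES`, `range_ok_naive` and `range_ok_checked`, the 32-bit types and the inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical table size; stands in for the number of slots a driver tracks. */
#define NUM_ENTRIES 1024u

/* Naive check: returns 1 if [pg_start, pg_start + page_count) is accepted.
 * The sum is computed modulo 2^32, so a very large pg_start can wrap to a
 * small value and pass the comparison. */
int range_ok_naive(uint32_t pg_start, uint32_t page_count)
{
    return (uint32_t)(pg_start + page_count) <= NUM_ENTRIES;
}

/* Checked form: compare without adding, so no intermediate value can wrap. */
int range_ok_checked(uint32_t pg_start, uint32_t page_count)
{
    if (pg_start > NUM_ENTRIES)
        return 0;
    return page_count <= NUM_ENTRIES - pg_start;
}

int main(void)
{
    /* Constructed inputs: an in-range request, one whose sum wraps,
     * and one that is simply too large. */
    struct { uint32_t start, count; } cases[] = {
        { 16u, 32u },
        { UINT32_MAX - 3u, 8u },
        { 1000u, 100u },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("start=%u count=%u naive=%d checked=%d\n",
               (unsigned)cases[i].start, (unsigned)cases[i].count,
               range_ok_naive(cases[i].start, cases[i].count),
               range_ok_checked(cases[i].start, cases[i].count));
    }
    return 0;
}
```

The second case is the one to watch: the naive check accepts it because the sum wraps to 4, while the checked form rejects it.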