Linux Kernel Denial of Service Vulnerability

Filed under
Linux
Security

Description:
Daniel McNeil has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the AIO (Asynchronous I/O) support within the "is_hugepage_only_range()" function. This can be exploited via a specially crafted program calling the "io_queue_init()" function and then exiting without calling the "io_queue_release()" function.

Successful exploitation crashes the system on PPC64 and IA64 architectures, but requires that CONFIG_HUGETLB_PAGE is enabled.

The vulnerability has been reported in versions 2.6.8 and 2.6.11. Other versions may also be affected.

Solution:
Grant only trusted users access to affected systems.

Source.