
Linux Kernel Denial of Service Vulnerability


Description:
Daniel McNeil has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused by an error in the AIO (Asynchronous I/O) support within the "is_hugepage_only_range()" function. It can be exploited via a specially crafted program that calls the "io_queue_init()" function and then exits without calling the "io_queue_release()" function.

Successful exploitation crashes the system on PPC64 and IA64 architectures, but requires that CONFIG_HUGETLB_PAGE is enabled.

The vulnerability has been reported in versions 2.6.8 and 2.6.11. Other versions may also be affected.
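The three conditions above (architecture, CONFIG_HUGETLB_PAGE, kernel version) can be checked per host. The following triage function is an added example, not part of the advisory; the function name, the output labels and the default config path /boot/config-<release> are assumptions.

```shell
# Added example (not from the advisory): classify a host against the
# advisory's three conditions. Arguments default to the running system;
# the default config path is an assumption (common distro layout).
check_aio_hugetlb_exposure() {
    arch=${1:-$(uname -m)}
    release=${2:-$(uname -r)}
    config=${3:-/boot/config-$release}

    # 1. The crash is reported on PPC64 and IA64 only.
    case "$arch" in
        ppc64|ia64) ;;
        *) echo "not-listed: architecture $arch"; return 0 ;;
    esac

    # 2. CONFIG_HUGETLB_PAGE must be enabled in the kernel build.
    if [ ! -r "$config" ]; then
        echo "unknown: cannot read $config"
        return 0
    fi
    case "$config" in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    if ! $reader "$config" | grep -q '^CONFIG_HUGETLB_PAGE=y$'; then
        echo "not-exposed: CONFIG_HUGETLB_PAGE disabled"
        return 0
    fi

    # 3. 2.6.8 and 2.6.11 are the reported versions; others may be affected.
    case "$release" in
        2.6.8|2.6.8[.-]*|2.6.11|2.6.11[.-]*)
            echo "exposed: reported version $release" ;;
        *)
            echo "possibly-exposed: version $release not confirmed either way" ;;
    esac
}
```

Called with no arguments it inspects the running host; pass an architecture, release string and config file to assess an offline image or an inventory record.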

Solution:
Grant only trusted users access to affected systems.
