Language Selection

English French German Italian Portuguese Spanish

Linux Kernel Denial of Service Vulnerability

Filed under
Linux
Security

Description:
Daniel McNeil has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the AIO (Asynchronous I/O) support within the "is_hugepage_only_range()" function. This can be exploited via a specially crafted program calling the "io_queue_init()" function and then exiting without calling the "io_queue_release()" function.

Successful exploitation crashes the system on PPC64 and IA64 architectures, but requires that CONFIG_HUGETLB_PAGE is enabled.

The vulnerability has been reported in versions 2.6.8 and 2.6.11. Other versions may also be affected.

Solution:
Grant only trusted users access to affected systems.

Source.

More in Tux Machines

ARM boosts Big.Little with DynamIQ, and launches Linux dev kit

ARM unveiled a more flexible version of its Big.Little multi-core scheme called DynamIQ, and launched an Embedded Linux Education Kit based on the Udoo Neo. ARM Ltd. announced a more advanced version of its Big.Little heterogeneous multi-processing technology for balancing core loads on multi-core Cortex-A SoCs. The new DynamIQ multi-core scheme enables more flexible core configurations that were not possible with Big.Little, says ARM. Meanwhile, ARM’s educational unit released a new ARM Embedded Linux Education Kit based on the i.MX6 SoloX based Udoo Neo hacker SBC (see farther below). Read more

Four Things a New Linux User Should Know

If you’re making the move from Windows or Mac (or even from Android or iOS), welcome to our world. These days, using Linux for doing everyday computer tasks isn’t that much different than using other operating systems — meaning the learning curve is only slight. In fact, my colleague Phil Shapiro works at a library that uses Linux on the computers its patrons use and says that hardly anyone even notices they’re not using Windows. It’s that easy. Read more

Arch Linux-Based ArchEX Has Linux Kernel 4.10.5, Yaourt, and Calamares Installer

Arne Exton announced today the release of a new build of his Arch Linux-based ArchEX GNU/Linux distribution built around the lightweight LXQt desktop environment. Read more

DragonFly BSD 4.8 Released with EFI & eMMC Support, Improved Kernel Performance

The developers of the DragonFly BSD operating system were proud to announce today, March 27, 2017, the release and immediate availability for download of DragonFly BSD 4.8. Read more Also: DragonFlyBSD 4.8 Released With Performance Improvements, EFI Support & More DragonFly BSD 4.8