Local Vulnerabilities in Current Kernels

Feb 12, 2008

Recent kernel versions back to the older kernel 2.6.17 may contain a vulnerability that can be exploited by local attackers.

Although a fix for the vulnerability is now available, the solution does not seem to be totally secure. A vulnerability gives local attackers the ability to manipulate or hijack the system. Network attackers are said not to work. The vulnerability has been confirmed in kernel versions 2.6.17 through 2.6.24.1. A new kernel version, 2.24.2, was released Monday, however, the developers were not entirely sure if the vulnerability had really been removed. The current developer kernel 2.6.25 is said to have reliably fixed the security bug.

The bug was caused by pointer handling in programs. The "vmsplice" function, which was affected, was introduced with kernel 2.6.17. It supports faster transfer between various memory areas. The vulnerability was caused by incorrect validation by the "vmsplice_to_user()", "copy_from_user_mmap_sem()" and "get_iovec_page_array()" functions prior to performing memory operations. Under certain circumstances attackers could use a carefully crafted call to "vmsplice()" to read or write to kernel memory space.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News