Linux Kernel cpufreq Signed Integer Assignment Flaw Discloses Memory to Local Users
|
|
SecurityTracker Alert ID: 1009924 |
|
SecurityTracker URL: http://securitytracker.com/id/1009924
|
|
CVE Reference:
CAN-2004-0228
(Links to External Site)
|
Date: Apr 23 2004
|
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.4, 2.5, 2.6
|
Description:
A vulnerability was reported in the Linux kernel in the cpufreq_userspace proc handler. A local user may be able to read kernel memory.
Red Hat reported that the Linux kernel contains a signed integer boundary error in the cpufreq ioctl proc handler. A user-supplied signed integer is cast to a signed integer and then used in copying memory. As a result, a local user can read or write arbitrary amounts of kernel memory.
A local user can read arbitrary portions of kernel memory. A root-level user can also write to arbitrary memory locations.
The flaw resides in 'drivers/cpufreq/cpufreq_userspace.c'.
Brad Spengler is credited with discovering this flaw.
|
Impact:
A local user can read arbitrary portions of kernel memory.
|
Solution:
A fix is available in 'drivers/cpufreq/cpufreq_userspace.c' as of April 21, 2004.
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
Access control error, Boundary error
|
Underlying OS:
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 23 Apr 2004 13:11:32 -0400
Subject: CAN-2004-0228
|
CVE: CAN-2004-0228
Red Hat reported that the Linux kernel contains a signed integer boundary error in the
cpufreq ioctl proc handler. A local user may be able to read arbitrary portions of kernel
memory.
Brad Spengler is credited with discovering this flaw.
|
|
