Linux Kernel AMD restore_fpu_checking() Bug Lets Local Users Deny Service or Potentially Obtain Root Privileges
SecurityTracker Alert ID: 1029592|
SecurityTracker URL: http://securitytracker.com/id/1029592
(Links to External Site)
Updated: Jan 28 2014|
Original Entry Date: Jan 13 2014
Denial of service via local system, Root access via local system|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes |
A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions. A local user may be able to obtain root privileges.|
A local user can trigger a floating point exception in restore_fpu_checking() and kill individual tasks or cause the target system to crash.
AMD-based systems are affected.
On some systems, it may be possible for a local user to obtain root privileges.
The original advisory and a demonstration exploit is available at:
halfdog reported this vulnerability.
A local user can cause the target system to crash.|
A local user may be able to obtain root privileges.
The vendor has issued a source code fix, available at:|
Vendor URL: www.kernel.org/ (Links to External Site)
Exception handling error|
Source Message Contents
Date: Sat, 28 Dec 2013 22:07:24 +0000|
Subject: [Full-disclosure] vm86 syscall kernel-panic and some more goodies waiting to be analyzed
-----BEGIN PGP SIGNED MESSAGE-----
It seems that at least on 32-bit Debian-sid kernel in VirtualBox
guest,  triggers a kernel-panic. This simple POC does not allow
privilege escalation although there might be also some time-race
component involved, sometimes similar code seems to access
uninitialized memory or triggers NULL-dereferences. Therefore the
simple POC code could be extended for more extensive testing. See 
for more information.
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/