Info

Disclosure

Jun 03, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when the Linux kernel function "set_fpxregs" doesn't consider the "__copy_from_user" failed condition. This could cause the contents of the MXCSR register to be corrupted, and potentially cause a reserved bit within the register to be unexpectedly set, resulting in loss of availability for the platform.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown

Solution

Upgrade the linux kernel to version 2.4.23 or higher, as it has been reported to fix this vulnerability. This can be done through various Linux vendor patches or manually installing a newer kernel. An upgrade is required as there are no known workarounds.

Products

Linux Kernel Organization, Inc.	Kernel	2.0.22
		2.2.18
		2.4.0
		2.4.1
		2.4.10
		2.4.11
		2.4.12
		2.4.13
		2.4.14
		2.4.15
		2.4.16
		2.4.17
		2.4.18
		2.4.19
		2.4.2
		2.4.20
		2.4.21
		2.4.3
		2.4.4
		2.4.5
		2.4.6
		2.4.7
		2.4.8
		2.4.9

References

Credit

Andrea Arcangeli - andreae-mind.com -

Direct URL: http://osvdb.org/4456

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Linux Kernel Organization, Inc.

Kernel

References

Credit