FreeBSD -- Incorrect argument validation in sysarch(2)

ID 7B6A11B5-600A-11E6-A6C3-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2016-10-25T00:00:00


Problem Description: A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to lack of sufficient bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. Impact: This vulnerability could cause the kernel to panic. In addition it is possible to perform a local Denial of Service against the system by unprivileged processes.