Linux Kernel Multiprocessor Page Fault Handler Race Condition

2005-01-13T09:53:28
ID OSVDB:12914
Type osvdb
Reporter Paul Starzetz (ihaquer@isec.pl)
Modified 2005-01-13T09:53:28

Description

Vulnerability Description

The Linux kernel contains a flaw that may allow a malicious user to execute arbitrary code with root privileges on multi-processor systems. The issue lies in the page fault handler and is triggered when two threads that share the same virtual memory space request a stack expansion simultaneously. The flaw may allow arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.kernel.org/
Security Tracker: 1012862
Secunia Advisory ID: 13822
Secunia Advisory ID: 13876
Secunia Advisory ID: 13972
Secunia Advisory ID: 20162
Secunia Advisory ID: 20163
Secunia Advisory ID: 13857
Secunia Advisory ID: 13961
Secunia Advisory ID: 14002
Secunia Advisory ID: 20202
Secunia Advisory ID: 20338
RedHat RHSA: RHSA-2005:016
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_03_kernel.html
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
Other Advisory URL: http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0402.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0446.html
CVE-2005-0001