4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
0.4%
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before
2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is
available before a call to the SET_PERSONALITY macro, which allows local
users to cause a denial of service (system crash) via a 32-bit application
that attempts to execute a 64-bit application and then triggers a
segmentation fault, as demonstrated by amd64_killer, related to the
flush_old_exec function.
Author | Note |
---|---|
jdstrand | commits based on comments from dann frazier <[email protected]> in oss-security |