The log_prefix function in kernel/printk.c in the Linux kernel 3.x before
3.4.33 does not properly remove a prefix string from a syslog header, which
allows local users to cause a denial of service (buffer overflow and system
crash) by leveraging /dev/kmsg write access and triggering a
call_console_drivers function call.
Author | Note |
---|---|
mdeslaur | /dev/kmsg is root-writable only |