Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service), and malicious people to cause a DoS.
1) An error within the "decode_choice()" function in net/netfilter/nf_conntrack_h323_asn1.c when handling choices that are still encoded in the fixed-size bitfield can be exploited to cause access to undefined types, resulting in a crash.
2) MSR bits are cleared after copying the state into the thread_struct. This can be exploited to cause corruption of the floating point state after returning from signal handlers, resulting in a DoS.
Successful exploitation requires a PowerPC-based architecture.
3) The "do_change_type()" function in fs/namespace.c does not properly check for "CAP_SYS_ADMIN" privileges before performing certain operations. This can be exploited to e.g. mark private mounts as shared or mark a mount as unbindable.
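The class of bug in item 1, as an added example that is not taken from the advisory or from the kernel source: a simplified model of a CHOICE decoder whose fixed-size index bitfield can encode more values than there are defined alternatives, with the range check that stops an undefined type from being looked up. All names (`decode_choice_checked`, `choice_def`, the `altN` table) are hypothetical and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical, simplified model of a bit-packed CHOICE decoder (not kernel code). */
enum { DEC_OK = 0, DEC_ERR_BOUND = -1, DEC_ERR_RANGE = -2 };
struct bitreader { const uint8_t *buf; size_t len_bits, pos; };
/* index_bits: width of the fixed-size index field; defined: entries in names[] */
struct choice_def { unsigned index_bits, defined; const char *const *names; };

/* Read n bits MSB-first; fail instead of reading past the end of the buffer. */
static int get_bits(struct bitreader *br, unsigned n, unsigned *out)
{
    unsigned v = 0;
    if (n > 16 || br->len_bits - br->pos < n)
        return DEC_ERR_BOUND;
    for (; n > 0; n--, br->pos++)
        v = (v << 1) | ((br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u);
    *out = v;
    return DEC_OK;
}

/* Decode the choice index and hand back the selected alternative's name. */
int decode_choice_checked(struct bitreader *br, const struct choice_def *def, const char **name)
{
    unsigned idx;
    int rc = get_bits(br, def->index_bits, &idx);
    if (rc != DEC_OK)
        return rc;
    /* 3 bits carry 0..7 but only 5 alternatives exist: reject before the lookup. */
    if (idx >= def->defined)
        return DEC_ERR_RANGE;
    *name = def->names[idx];
    return DEC_OK;
}

static const char *const sample_names[] = { "alt0", "alt1", "alt2", "alt3", "alt4" };
static const struct choice_def sample_def = { 3, 5, sample_names }; /* constructed sample */
int decode_sample(const uint8_t *msg, size_t len, const char **name)
{
    struct bitreader br = { msg, len * 8, 0 };
    return decode_choice_checked(&br, &sample_def, name);
}

int main(void)
{
    const uint8_t ok[] = { 0x80 }, bad[] = { 0xE0 };  /* index 4, index 7 */
    const char *name = "";
    printf("%d %d\n", decode_sample(ok, 1, &name), decode_sample(bad, 1, &name));
    return 0;
}
```

Without the `idx >= def->defined` test, index values 5 to 7 would read past the five-entry table, which is the "access to undefined types" failure the advisory describes.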
Subject: Linux Kernel Security Bypass and Multiple Denial of Service Vulnerabilities