US-CERT Vulnerability Notes Database

Vulnerability Note VU#973654

Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"

Overview

The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts.

I. Description

Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store and restore the state of the processor's floating point unit (FPU), respectively. Typically, manipulation of the FPU is handled by the compiler of a high-level programming language, but some languages allow programmers to invoke assembly instructions directly.

By using a combination of calls to fsave and frstor, it is possible to write a simple program that will force the Linux kernel into an infinite signal handling loop. When this occurs, the kernel will fail to operate properly or respond to input, causing a denial-of-service condition. Such a program does not require specialized tools or privileged system access, so it is possible for any local user to exploit this vulnerability.

II. Impact

This vulnerability allows local users to disable the Linux kernel on affected hosts, resulting in a denial-of-service condition.

III. Solution

Apply a patch from your vendor


The Systems Affected section of this document contains a list of vendors that have been notified of this issue, as well as their responses.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Apple Computer Inc. | Not Vulnerable | 16-Jun-2004
BSDI | Unknown | 16-Jun-2004
Conectiva | Vulnerable | 18-Aug-2004
Cray Inc. | Unknown | 16-Jun-2004
Debian | Unknown | 16-Jun-2004
EMC Corporation | Unknown | 16-Jun-2004
FreeBSD | Unknown | 16-Jun-2004
Fujitsu | Unknown | 16-Jun-2004
Guardian Digital Inc. | Vulnerable | 18-Aug-2004
Hewlett-Packard Company | Unknown | 16-Jun-2004
Hitachi | Unknown | 16-Jun-2004
IBM | Unknown | 16-Jun-2004
IBM eServer | Unknown | 16-Jun-2004
Ingrian Networks | Unknown | 16-Jun-2004
Juniper Networks | Unknown | 16-Jun-2004
MandrakeSoft | Vulnerable | 18-Aug-2004
MontaVista Software | Unknown | 16-Jun-2004
NEC Corporation | Unknown | 16-Jun-2004
NetBSD | Unknown | 16-Jun-2004
Nokia | Unknown | 16-Jun-2004
Novell | Unknown | 16-Jun-2004
OpenBSD | Unknown | 16-Jun-2004
Openwall GNU/*/Linux | Unknown | 16-Jun-2004
Red Hat Inc. | Vulnerable | 18-Aug-2004
Sequent | Unknown | 16-Jun-2004
SGI | Unknown | 16-Jun-2004
Slackware | Vulnerable | 16-Jun-2004
Sony Corporation | Unknown | 16-Jun-2004
Sun Microsystems Inc. | Unknown | 16-Jun-2004
SuSE Inc. | Vulnerable | 16-Jun-2004
The SCO Group (SCO Linux) | Unknown | 16-Jun-2004
The SCO Group (SCO UnixWare) | Unknown | 16-Jun-2004
Trustix Secure Linux | Vulnerable | 16-Jun-2004
TurboLinux | Unknown | 16-Jun-2004
Unisys | Unknown | 16-Jun-2004
Wind River Systems Inc. | Unknown | 16-Jun-2004

References


http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
http://secunia.com/advisories/11861/
http://xforce.iss.net/xforce/xfdb/16412

Credit

This vulnerability was discovered by Stian Skjelstad.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public: 2004-06-14
Date First Published: 2004-06-15
Date Last Updated: 2004-08-23
CERT Advisory:
CVE-ID(s): CAN-2004-0554
NVD-ID(s): CAN-2004-0554
US-CERT Technical Alerts:
Metric: 11.81
Document Revision: 21

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2004 Carnegie Mellon University