Vulnerability Note VU#973654

Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"

Original Release date: 15 Jun 2004 | Last revised: 23 Aug 2004

Overview

The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts.

Description

Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store and restore the state of the processor's floating point unit (FPU), respectively. Typically, manipulation of the FPU is handled by the compiler of a high-level programming language, but some languages allow programmers to invoke assembly instructions directly.

By using a combination of calls to fsave and frstor, it is possible to write a simple program that will force the Linux kernel into an infinite signal handling loop. When this occurs, the kernel will fail to operate properly or respond to input, causing a denial-of-service condition. Such a program does not require specialized tools or privileged system access, so it is possible for any local user to exploit this vulnerability.

Impact

This vulnerability allows local users to disable the Linux kernel on affected hosts, resulting in a denial-of-service condition.

Solution

Apply a patch from your vendor

The Systems Affected section of this document contains a list of vendors that have been notified of this issue, as well as their responses.

Systems Affected

Vendor                     Status        Date Notified  Date Updated
Conectiva                  Affected      15 Jun 2004    18 Aug 2004
Guardian Digital Inc.      Affected      15 Jun 2004    18 Aug 2004
MandrakeSoft               Affected      15 Jun 2004    18 Aug 2004
Red Hat Inc.               Affected      15 Jun 2004    18 Aug 2004
Slackware                  Affected      15 Jun 2004    16 Jun 2004
SuSE Inc.                  Affected      15 Jun 2004    16 Jun 2004
Trustix Secure Linux       Affected      16 Jun 2004    16 Jun 2004
Apple Computer Inc.        Not Affected  15 Jun 2004    16 Jun 2004
BSDI                       Unknown       -              16 Jun 2004
Cray Inc.                  Unknown       -              16 Jun 2004
Debian                     Unknown       -              16 Jun 2004
EMC Corporation            Unknown       -              16 Jun 2004
FreeBSD                    Unknown       -              16 Jun 2004
Fujitsu                    Unknown       -              16 Jun 2004
Hewlett-Packard Company    Unknown       -              16 Jun 2004

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This vulnerability was discovered by Stian Skjelstad.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: CAN-2004-0554
  • Date Public: 14 Jun 2004
  • Date First Published: 15 Jun 2004
  • Date Last Updated: 23 Aug 2004
  • Severity Metric: 11.81
  • Document Revision: 21
