Vulnerability Note VU#973654
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
Overview
The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts.
Description
Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store and restore the state of the processor's floating point unit (FPU), respectively. Typically, manipulation of the FPU is handled by the compiler of a high-level programming language, but some languages allow programmers to invoke assembly instructions directly. By using a combination of calls to fsave and frstor, it is possible to write a simple program that will force the Linux kernel into an infinite signal handling loop. When this occurs, the kernel will fail to operate properly or respond to input, causing a denial-of-service condition. Such a program does not require specialized tools or privileged system access, so it is possible for any local user to exploit this vulnerability. |
Impact
This vulnerability allows local users to disable the Linux kernel on affected hosts, resulting in a denial-of-service condition. |
Solution
Apply a patch from your vendor |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Conectiva | Affected | 15 Jun 2004 | 18 Aug 2004 |
| Guardian Digital Inc. | Affected | 15 Jun 2004 | 18 Aug 2004 |
| MandrakeSoft | Affected | 15 Jun 2004 | 18 Aug 2004 |
| Red Hat Inc. | Affected | 15 Jun 2004 | 18 Aug 2004 |
| Slackware | Affected | 15 Jun 2004 | 16 Jun 2004 |
| SuSE Inc. | Affected | 15 Jun 2004 | 16 Jun 2004 |
| Trustix Secure Linux | Affected | 16 Jun 2004 | 16 Jun 2004 |
| Apple Computer Inc. | Not Affected | 15 Jun 2004 | 16 Jun 2004 |
| BSDI | Unknown | - | 16 Jun 2004 |
| Cray Inc. | Unknown | - | 16 Jun 2004 |
| Debian | Unknown | - | 16 Jun 2004 |
| EMC Corporation | Unknown | - | 16 Jun 2004 |
| FreeBSD | Unknown | - | 16 Jun 2004 |
| Fujitsu | Unknown | - | 16 Jun 2004 |
| Hewlett-Packard Company | Unknown | - | 16 Jun 2004 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
- http://secunia.com/advisories/11861/
- http://xforce.iss.net/xforce/xfdb/16412
Credit
This vulnerability was discovered by Stian Skjelstad.
This document was written by Jeffrey P. Lanza.
Other Information
- CVE IDs: CAN-2004-0554
- Date Public: 14 Jun 2004
- Date First Published: 15 Jun 2004
- Date Last Updated: 23 Aug 2004
- Severity Metric: 11.81
- Document Revision: 21
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.