Vulnerability Note VU#973654
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts.
Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store and restore the state of the processor's floating point unit (FPU), respectively. Typically, manipulation of the FPU is handled by the compiler of a high-level programming language, but some languages allow programmers to invoke assembly instructions directly.
By using a combination of calls to fsave and frstor, it is possible to write a simple program that will force the Linux kernel into an infinite signal handling loop. When this occurs, the kernel will fail to operate properly or respond to input, causing a denial-of-service condition. Such a program does not require specialized tools or privileged system access, so it is possible for any local user to exploit this vulnerability.
This vulnerability allows local users to disable the Linux kernel on affected hosts, resulting in a denial-of-service condition.
Apply a patch from your vendor
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Conectiva | Affected | 15 Jun 2004 | 18 Aug 2004 |
| Guardian Digital Inc. | Affected | 15 Jun 2004 | 18 Aug 2004 |
| MandrakeSoft | Affected | 15 Jun 2004 | 18 Aug 2004 |
| Red Hat Inc. | Affected | 15 Jun 2004 | 18 Aug 2004 |
| Slackware | Affected | 15 Jun 2004 | 16 Jun 2004 |
| SuSE Inc. | Affected | 15 Jun 2004 | 16 Jun 2004 |
| Trustix Secure Linux | Affected | 16 Jun 2004 | 16 Jun 2004 |
| Apple Computer Inc. | Not Affected | 15 Jun 2004 | 16 Jun 2004 |
| BSDI | Unknown | - | 16 Jun 2004 |
| Cray Inc. | Unknown | - | 16 Jun 2004 |
| Debian | Unknown | - | 16 Jun 2004 |
| EMC Corporation | Unknown | - | 16 Jun 2004 |
| FreeBSD | Unknown | - | 16 Jun 2004 |
| Fujitsu | Unknown | - | 16 Jun 2004 |
| Hewlett-Packard Company | Unknown | - | 16 Jun 2004 |
This vulnerability was discovered by Stian Skjelstad.
This document was written by Jeffrey P. Lanza.
- CVE IDs: CAN-2004-0554
- Date Public: 14 Jun 2004
- Date First Published: 15 Jun 2004
- Date Last Updated: 23 Aug 2004
- Severity Metric: 11.81
- Document Revision: 21