CERT-In Vulnerability Note CIVN-2010-79
Linux Kernel KVM 'hvc_console.c' Local Denial of Service Vulnerability
Original Issue Date: March 25, 2010
Severity Rating: Low
System Affected
- Linux Kernel versions 2.6.33-rc8 and prior
Overview
A vulnerability has been reported in the Linux kernel which could be exploited by local attackers to cause a DoS (Denial of Service) condition on the affected systems.
Description
This vulnerability exists in the Linux kernel in drivers/char/hvc_console.c and affects the Kernel-based Virtual Machine (KVM). It is caused by a race condition between the "hvc_remove()" and "hvc_close()" functions in that source file. A local attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
Solution
Upgrade to version 2.6.33
http://www.kernel.org/
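A triage check for the affected range stated above, as an added example that is not part of the CERT-In note. The function name `kernel_is_affected` and the sample release strings are constructed, and the check compares only the upstream version number, so a distribution kernel carrying a backported fix is still flagged.

```shell
#!/bin/sh
# Added example: upstream-version triage for CIVN-2010-79.
# kernel_is_affected RELEASE
#   returns 0 if RELEASE is 2.6.33-rc8 or earlier (the advisory's range),
#           1 if it is newer, 2 if the string cannot be parsed.
kernel_is_affected() {
    rel=$1
    base=${rel%%-*}          # "2.6.33-rc8" -> "2.6.33"
    suffix=${rel#"$base"}    # "-rc8", or empty for a final release

    # Split the dotted base version into numeric fields.
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    major=${1:-}; minor=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}  # tolerate a trailing "+" on the last field

    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done

    [ "$major" -lt 2 ] && return 0
    [ "$major" -gt 2 ] && return 1
    [ "$minor" -lt 6 ] && return 0
    [ "$minor" -gt 6 ] && return 1
    [ "$patch" -lt 33 ] && return 0
    [ "$patch" -gt 33 ] && return 1

    # Exactly 2.6.33: release candidates up to rc8 are listed as affected,
    # the final 2.6.33 release is the stated fix.
    case $suffix in
        -rc[0-9]*)
            rc=${suffix#-rc}; rc=${rc%%[!0-9]*}
            [ "$rc" -le 8 ] && return 0 ;;
    esac
    return 1
}

# Constructed sample release strings; use "$(uname -r)" on a real host.
for r in 2.6.32.9 2.6.33-rc8 2.6.33 3.10.0-1160.el7.x86_64; do
    if kernel_is_affected "$r"; then
        echo "$r: within the affected range"
    else
        echo "$r: outside the affected range"
    fi
done
```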
Vendor Information
kernel.org
https://patchwork.kernel.org/patch/83353/
http://www.kernel.org/
References
kernel.org
https://patchwork.kernel.org/patch/83353/
http://www.kernel.org/
SecurityFocus
http://www.securityfocus.com/bid/38537
Net Security
http://www.net-security.org/vuln.php?id=11510
Juniper Networks
http://www.juniper.net/security/auto/vulnerabilities/vuln38537.html
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
