Linux Kernel do_mremap() Fails to Check do_munmap() Return Values, Allowing a Local User to Gain Root Privileges
Category: Vulnerability | Posted: 2004-02-19 by ReCall
Details
Description: Another vulnerability was reported in the Linux kernel do_mremap() function. A local user can execute arbitrary code with root privileges.
Paul Starzetz discovered and reported that there is a missing return value check within the mremap(2) system call.
When resizing or moving virtual memory areas, the function reportedly does not test the return value of the do_munmap() function. Cases where the function fails (for example, due to the number of virtual memory areas being exceeded by the calling process) will not be properly detected, according to the report. As a result, the kernel may move memory belonging to one process into memory space that is allocated to another process.
Some other calls to the do_munmap() function are also not checked, the report said.
A local user can gain root privileges on the target system.
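The bug class described above, an ignored failure from an unmap step followed by a move, can be shown with a small userspace model. This is an added example, not kernel code and not taken from the report; `toy_munmap`, `toy_move`, `demo`, the four-entry table and the addresses are hypothetical names and constructed sample values.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_AREAS 4   /* toy stand-in for the per-process area limit */
struct area  { unsigned long start, end; int used; };
struct space { struct area a[MAX_AREAS]; };

/* Unmap [start,end). A hole inside an area splits it and needs a free slot. */
int toy_munmap(struct space *s, unsigned long start, unsigned long end) {
    for (size_t i = 0; i < MAX_AREAS; i++) {
        struct area *v = &s->a[i], *n = NULL;
        if (!v->used || end <= v->start || start >= v->end) continue;
        if (start > v->start && end < v->end) {
            for (size_t k = 0; k < MAX_AREAS; k++)
                if (!s->a[k].used) n = &s->a[k];
            if (!n) return -ENOMEM;          /* table full: unmap fails */
            *n = (struct area){ end, v->end, 1 };
            v->end = start;
        } else if (start <= v->start && end >= v->end) v->used = 0;
        else if (start <= v->start) v->start = end;
        else v->end = start;
    }
    return 0;
}

/* Move area idx to dst. check_ret == 0 ignores the unmap result (the flaw). */
int toy_move(struct space *s, size_t idx, unsigned long dst, int check_ret) {
    unsigned long len = s->a[idx].end - s->a[idx].start;
    int err = toy_munmap(s, dst, dst + len);
    if (check_ret && err) return err;        /* the missing test */
    s->a[idx] = (struct area){ dst, dst + len, 1 };
    return 0;
}

/* Constructed sample: full table, area 0 moved into the middle of area 3.
 * Returns how many pairs of areas overlap afterwards. */
int demo(int check_ret, int *err) {
    struct space s = {{ {0x1000, 0x2000, 1}, {0x3000, 0x4000, 1},
                        {0x5000, 0x6000, 1}, {0x8000, 0xc000, 1} }};
    int n = 0;
    *err = toy_move(&s, 0, 0x9000, check_ret);
    for (size_t i = 0; i < MAX_AREAS; i++)
        for (size_t j = i + 1; j < MAX_AREAS; j++)
            n += s.a[i].used && s.a[j].used &&
                 s.a[i].start < s.a[j].end && s.a[j].start < s.a[i].end;
    return n;
}

int main(void) {
    int e0, e1, n0 = demo(0, &e0), n1 = demo(1, &e1);
    printf("unchecked: err=%d overlaps=%d\nchecked: err=%d overlaps=%d\n", e0, n0, e1, n1);
    return 0;
}
```

With the result ignored, the move reports success and two areas cover the same addresses; with the check in place, the caller gets `-ENOMEM` and the table is unchanged.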