Release date:
Updated on:
Affected Systems:
Linux kernel 3.5.x
Linux kernel 3.4.x
Unaffected Systems:
Linux kernel 3.5.3
Linux kernel 3.4.10
Description:
--------------------------------------------------------------------------------
Linux kernel 3.4.x and 3.5.x contain two implementation vulnerabilities that malicious local users can exploit to cause a denial of service (DoS).
1) A NULL pointer dereference occurs when a directory hierarchy is deleted. Running "rm -rf" on a large directory hierarchy crashes the kernel. Successful exploitation of this vulnerability requires an ext4 file system on a RAID device.
2) A missing clock conversion causes a NULL pointer dereference in the i.MX clock architecture. Enticing a user to play a specially crafted WAV file with aplay can crash the kernel.
<* Source: Maciej Zenczykowski
Link: http://secunia.com/advisories/50421/
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.5.3
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.10
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.kernel.org/
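
A host check against the version ranges listed above, as an added example that is not part of the original advisory or any vendor tooling. The function name `kernel_status` is hypothetical, and the script assumes that within the 3.4.x and 3.5.x series every release below the fixed one (3.4.10, 3.5.3) is affected and every later one carries the fix; distribution kernels that backport fixes without changing the upstream version will be misjudged.

```sh
#!/bin/sh
# Classify a kernel release string against the fixed releases named in this
# advisory (3.4.10 and 3.5.3). Added example; kernel_status is a hypothetical name.
# Assumption: in 3.4.x and 3.5.x, a patch level below the fixed one is affected.
# Prints one of: affected | fixed | not-listed | unknown

kernel_status() {
    # Drop any local suffix: "3.4.9-1-generic" -> "3.4.9", "3.5.3+" -> "3.5.3"
    rel=${1%%[-+_]*}

    # Only digits and dots may remain; anything else is not a version we can judge.
    case $rel in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac

    # Split on dots. A missing patch level ("3.5") is treated as patch level 0.
    old_ifs=$IFS; IFS=.
    set -- $rel
    IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-0}
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown; return 0
    fi

    # Fixed patch level per series, taken from the "Unaffected Systems" list.
    case "$major.$minor" in
        3.4) fixed=10 ;;
        3.5) fixed=3 ;;
        *)   echo not-listed; return 0 ;;   # series not covered by this advisory
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Check the release given as the first argument, or the running kernel.
kernel_status "${1:-$(uname -r)}"
```

A result of "affected" on a distribution kernel should be confirmed against the distribution's own changelog before acting on it.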