Linux Kernel ptrace local DoS vulnerability



There’s a local Denial of Service vulnerability in the linux kernel’s ptrace function according to secunia.com. It reportedly is present in kernel’s prior to 2.6.14.2 and is listed as a non-critical vulnerability. (However any security vulnerability should be treated seriously.) 2.6.14.2 is safe and fixes the vulnerability. The vuln was reported “by the vendor”, in this case, the linux kernel devel team.


From the advisory.

The vulnerability is caused due to a missing check of the thread’s group ID in ptrace.c when trying to determine whether the process is attempting to attach to itself when CLONE_THREAD is used. This may be exploited to cause a kernel crash.

   Send article as PDF   

Similar Posts