The Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
vulnerability CVE-2010-2243
Linux kernel: denial of service via current_clocksource
Synthesis of the vulnerability
When the kernel is compiled without GENERIC_TIME, a local attacker can access current_clocksource in order to stop the kernel.
Severity: 1/4.
Creation date: 23/06/2010.
Description of the vulnerability
The GENERIC_TIME compilation option enables the synchronization of time using available counters. This option is enabled by default on recent kernels.
When GENERIC_TIME is disabled, the clocksource_done_booting() function of the kernel/time/clocksource.c file does not initialize the curr_clocksource variable. A local attacker can therefore read /sys/devices/system/clocksource/clocksource0/current_clocksource, in order to force the kernel to use an invalid value, which stops it.
When the kernel is compiled without GENERIC_TIME, a local attacker can therefore access current_clocksource in order to stop the kernel.
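The precondition described above can be checked from a kernel build config without touching the sysfs file. The following is an added example, not part of the Vigil@nce bulletin or the kernel source. The function names and the config path in the usage comment are assumptions; a "review" verdict only means the option is not enabled in that config and should be compared against the vendor's advisory.

```shell
#!/bin/sh
# Added example: classify a kernel build config for the CVE-2010-2243 precondition.
# It never reads current_clocksource: per the bulletin, on an affected kernel that
# read is what stops the system, so the check works from the build config only.

# Print the config at $1, decompressing it when gzip-compressed (e.g. /proc/config.gz).
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Print one of: enabled | not-set | absent | unreadable
generic_time_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unreadable; return 0; }
    if read_config "$cfg" | grep -q '^CONFIG_GENERIC_TIME=y$'; then
        echo enabled
    elif read_config "$cfg" | grep -q '^# CONFIG_GENERIC_TIME is not set$'; then
        echo not-set
    else
        # Option not mentioned at all in this config.
        echo absent
    fi
}

# Map the state to a triage verdict for this bulletin.
triage() {
    case "$(generic_time_state "$1")" in
        enabled)        echo "precondition not met" ;;
        not-set|absent) echo "review: GENERIC_TIME not enabled in this config" ;;
        *)              echo "unknown: config not readable" ;;
    esac
}

# Usage (path is an assumption and varies by distribution):
#   sh check_generic_time.sh "/boot/config-$(uname -r)"
[ "$#" -eq 0 ] || triage "$1"
```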
Characteristics
Title: Linux kernel: denial of service via current_clocksource.
Keywords: GENERIC_TIME Linux clocksource0 clocksource_done_booting curr_clocksource current_clocksource denial kernel service.
Identifiers: BID-41079, CVE-2010-2243, VIGILANCE-VUL-9725.
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.