Vulnerability bulletin CVE-2013-4483
Linux kernel: denial of service via ipc_rcu_putref
Synthesis of the vulnerability
A local attacker can progressively force the Linux kernel to use all its memory, in order to trigger a denial of service.
Impacted products: Linux, SUSE Linux Enterprise Desktop
BID-63445, CERTFR-2014-AVI-241, CERTFR-2014-AVI-256, CVE-2013-4483, MDVSA-2013:265, openSUSE-SU-2014:0247-1, RHSA-2014:0285-01, SUSE-SU-2014:0536-1, USN-2221-1, USN-2223-1, USN-2227-1, USN-2233-1, USN-2234-1, USN-2238-1, VIGILANCE-VUL-13673.
Description of the vulnerability
RCU (Read-Copy-Update) is a kernel synchronization mechanism that lets updates take place without interrupting read operations.
The ipc_rcu_putref() function uses RCU. However, in some cases it does not decrement the number of users of a memory area. The counter thus never reaches zero, and the memory area is never freed.
A local attacker can therefore progressively force the Linux kernel to use all its memory, in order to trigger a denial of service.
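The counting error described above, modelled in user space as an added example (it is not the kernel's ipc_rcu_putref() code and not part of the original bulletin). All names (rc_buf, rc_put_flawed, simulate) and the 'lost' flag are hypothetical; the bulletin does not describe the real trigger condition.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model with hypothetical names; this is not kernel code. */
struct rc_buf { atomic_int refcount; size_t size; };
static atomic_long live_bytes;      /* payload bytes allocated and not yet freed */

static struct rc_buf *rc_alloc(size_t size) {
    struct rc_buf *b = malloc(sizeof(*b) + size);
    if (!b) return NULL;
    atomic_init(&b->refcount, 1);   /* the creator holds the first reference */
    b->size = size;
    atomic_fetch_add(&live_bytes, (long)size);
    return b;
}
static void rc_get(struct rc_buf *b) { atomic_fetch_add(&b->refcount, 1); }

/* Correct release: always decrement; whoever drops the last reference frees. */
static void rc_put(struct rc_buf *b) {
    if (atomic_fetch_sub(&b->refcount, 1) == 1) {
        atomic_fetch_sub(&live_bytes, (long)b->size);
        free(b);
    }
}

/* Flawed release: when 'lost' is set the decrement never happens. 'lost' is a
 * stand-in for the real trigger condition, which the bulletin does not give. */
static void rc_put_flawed(struct rc_buf *b, int lost) { if (!lost) rc_put(b); }

/* Run n create/share/release cycles; every lose_every-th cycle loses one
 * decrement (0 = never). Returns the bytes that were never freed. */
long simulate(int n, int lose_every, size_t size) {
    atomic_store(&live_bytes, 0);
    for (int i = 1; i <= n; i++) {
        struct rc_buf *b = rc_alloc(size);
        if (!b) break;
        rc_get(b);                                      /* second user appears */
        rc_put_flawed(b, lose_every && i % lose_every == 0);
        rc_put(b);                                      /* creator releases */
    }
    return atomic_load(&live_bytes);
}

int main(void) {
    printf("correct: %ld bytes leaked\n", simulate(1000, 0, 4096));
    printf("flawed:  %ld bytes leaked\n", simulate(1000, 10, 4096));
    return 0;
}
```

Each lost decrement pins one buffer permanently, so the unfreed total grows linearly with the number of affected cycles and is never reclaimed.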