The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
vulnerability alert CVE-2012-0058
Linux kernel: memory corruption via kiocb
Synthesis of the vulnerability
A local attacker can create an error in the kiocb processing, in order to stop the system, and possibly to execute code.
Severity: 2/4.
Creation date: 18/01/2012.
Description of the vulnerability
The Linux kernel supports AIO (Asynchronous I/O) in order to transfer data efficiently.
The kiocb structure of the kernel stores information on AIO. Since version 3.2, a user can request the usage of a group of kiocb ("batch"). However, if an error occurs in the processing of one of the kiocb, the kiocb_batch_free() function frees a memory area which is still used.
A local attacker can therefore create an error in the kiocb processing, in order to stop the system, and possibly to execute code.
Complete Vigil@nce bulletin
Characteristics
Title: Linux kernel: memory corruption via kiocb.
Keywords: AIO, Asynchronous, Linux, corruption, kernel, kiocb, kiocb_batch_free, memory.
Identifiers: BID-51534, CVE-2012-0058, VIGILANCE-VUL-11301.