
Linux Kernel Random Poolsize SysCTL Handler Integer Overflow Vulnerability

The Linux Kernel is reported prone to a local integer overflow vulnerability. The issue occurs in the 'poolsize_strategy' function of the 'random.c' kernel driver.

The vulnerability exists due to a lack of sufficient sanitization performed on integer values before these values are employed as the size argument of a user-land to kernel memory copy operation.
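The following user-space C model is an added example, not the kernel's code, showing one common way a length check of this kind fails and a stricter form of the check. It assumes the insufficient check is a signed, upper-bound-only comparison; `weak_copy_size`, `checked_write`, `MAXLEN` and `pool_value` are hypothetical names, and the input lengths are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXLEN sizeof(int)            /* constructed: the sysctl value is one int */

static int pool_value;                /* stands in for the handler's destination */

/* Size the weak handler would hand to the copy routine for a caller-chosen length. */
static size_t weak_copy_size(size_t newlen)
{
    int len = (int)newlen;            /* narrowing: large values turn negative (gcc/clang) */
    if (len > (int)MAXLEN)            /* upper bound only, signed comparison */
        len = (int)MAXLEN;
    return (size_t)len;               /* a negative len becomes a huge unsigned size */
}

/* Hardened handler: validates in the unsigned domain before copying. */
static int checked_write(const void *newval, size_t newlen)
{
    if (newval == NULL || newlen == 0)
        return 0;                     /* nothing to write */
    if (newlen != MAXLEN)
        return -EINVAL;               /* reject instead of clamping */
    memcpy(&pool_value, newval, newlen);
    return 0;
}

int main(void)
{
    size_t lens[] = { 4, 64, (size_t)UINT32_MAX };   /* constructed inputs */
    int v = 512;
    for (size_t i = 0; i < 3; i++)
        printf("newlen=%zu weak copy size=%zu checked rc=%d\n",
               lens[i], weak_copy_size(lens[i]), checked_write(&v, lens[i]));
    return 0;
}
```

The weak path clamps ordinary oversized lengths correctly, which is why the flaw is easy to miss in review: only lengths that turn negative after narrowing slip past the bound.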

This vulnerability may be leveraged to corrupt kernel memory and ultimately execute arbitrary code with ring-0 privileges. Alternatively, the issue may be exploited to trigger a kernel panic.

It is reported that a user must have UID 0 to exploit this issue; however, the user does not require superuser privileges. This may hinder exploitability.







 

Copyright 2009, SecurityFocus