Linux Kernel Panic Function Call Buffer Overflow Vulnerability

The Linux kernel's panic() function has been reported to be prone to a buffer-overflow vulnerability.

The vulnerability is reported to present itself when an unbounded vsprintf() call within panic() copies user-supplied data into a fixed buffer. Reportedly, a user may be able to overrun the bounds of the affected buffer and corrupt adjacent memory. Because this buffer resides in kernel memory space, an attacker may be able to exploit this issue to corrupt kernel memory, access memory contents, and -- although unconfirmed -- execute arbitrary code. Some reports, however, indicate that this vulnerability is not exploitable.
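
The pattern described above, shown as an added user-space example that is not the kernel's own code: an unbounded vsprintf() into a fixed buffer next to the bounded vsnprintf() form, which also reports truncation. The function names, the 64-byte buffer size and the sample input are assumptions made for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PANIC_BUF_SIZE 64   /* assumed size for this demo, not the kernel's */

static char panic_buf[PANIC_BUF_SIZE];

/* Unbounded form: vsprintf() takes no length argument, so formatted output
 * longer than panic_buf is written past the end of the buffer. */
static void panic_msg_unbounded(const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    vsprintf(panic_buf, fmt, args);
    va_end(args);
}

/* Bounded form: vsnprintf() writes at most sizeof(panic_buf) - 1 bytes plus
 * the terminating NUL and returns the length the full output would have had.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on a format error. */
static int panic_msg_bounded(const char *fmt, ...)
{
    va_list args;
    int needed;
    va_start(args, fmt);
    needed = vsnprintf(panic_buf, sizeof(panic_buf), fmt, args);
    va_end(args);
    if (needed < 0)
        return -1;
    return (size_t)needed >= sizeof(panic_buf);
}

int main(void)
{
    char long_input[200];   /* constructed oversized caller-supplied string */
    memset(long_input, 'A', sizeof(long_input) - 1);
    long_input[sizeof(long_input) - 1] = '\0';

    /* The unbounded form is only called with input known to fit. */
    panic_msg_unbounded("%s", "short message");
    printf("unbounded, short input: %s\n", panic_buf);

    int truncated = panic_msg_bounded("fatal: %s", long_input);
    printf("bounded: truncated=%d stored_len=%zu\n", truncated, strlen(panic_buf));
    return 0;
}
```

With the bounded form, the oversized string is cut to 63 bytes and the return value flags the truncation, so memory adjacent to the buffer is never written.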


 

Copyright 2010, SecurityFocus