Multiple Linux Kernel IOCTL Handlers Local Memory Corruption Vulnerabilities

The Linux kernel raw device and pktcdvd block device ioctl handlers are reported prone to local kernel-based memory corruption vulnerabilities. The issues manifest due to a lack of sanity checks performed on argument values that are passed to the 'raw_ioctl()' and 'pkt_ioctl()' functions.

A local attacker, that has read access to a sufficient block device, may leverage this memory corruption to execute arbitrary attacker-supplied code in the context of the system kernel (ring-0).


Privacy Statement
Copyright 2010, SecurityFocus