Linux-2.6.8.1 input/serio/serport local unprivileged panic/dos
From: Vitaly V. Bursov
Date: Tue Sep 07 2004 - 15:39:29 EST
Hello,
drivers/input/serio/serport.c can lead to a kernel panic in the serio code
followed by jbd's panic (probably due to a random memory write, I don't
know) and/or a system lockup.
Other drivers with the same design (are there any?) can be vulnerable too.
Steps to exploit it:

process 1:
    open() a tty device;
    TIOCSETD it to N_MOUSE;
    read() it. it will block.

after that, process 2:
    open() the same device;
    TIOCSETD it to 0;
    TIOCSETD it to N_MOUSE; (not sure if it's necessary)
    kill() process 1;

If some code or more info is needed, please contact me, I'm not
on the list.
--
Thanks,
Vitaly
GPG Key ID: F95A23B9