Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 307443 - Kernel: load_elf_binary DoS (CVE-2010-0307)
Summary: Kernel: load_elf_binary DoS (CVE-2010-0307)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: [linux < 2.6.32.8]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-02 09:37 UTC by Alex Legler (RETIRED)
Modified: 2013-09-15 19:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-02 09:37:30 UTC 
CVE-2010-0307 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0307):
  The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel
  before 2.6.32.8 on the x86_64 platform does not ensure that the ELF
  interpreter is available before a call to the SET_PERSONALITY macro,
  which allows local users to cause a denial of service (system crash)
  via a 32-bit application that attempts to execute a 64-bit
  application and then triggers a segmentation fault, as demonstrated
  by amd64_killer, related to the flush_old_exec function.