Linux Kernel “sys_epoll_wait()” Function Integer Overflow
- 0
- Add a Comment
- No Related Post
Critical: Not critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: Linux Kernel 2.6.x
Georgi Guninski has reported a potential vulnerability in the Linux kernel, which may be exploited by malicious people to gain escalated privileges.
The vulnerability is caused due to an integer overflow in the “sys_epoll_wait()” function and can be exploited to cause a buffer overflow overwriting low kernel memory.
Successful exploitation may potentially allow execution of arbitrary code with escalated privileges. However, few applications reportedly use the affected part of the kernel memory space.
The vulnerability has been reported in versions 2.6 through 2.6.11.
Solution: Update to version 2.6.11.2 or later.
http://kernel.org/“
Full article: Secunia Advisory: SA14548