The Linux Kernel versions 126.96.36.199 and prior contain a vulnerability that could allow a local attacker to cause a denial of service (DoS) condition.
The vulnerability is due to an error in the high resolution timer subsystem (hrtimer). A local attacker could exploit this vulnerability to cause an integer overflow. The integer overflow could cause a DoS condition, possibly forcing the system into a state where it fails to respond to requests.
Kernel.org has confirmed the vulnerability and released updated software.
Indicators of Compromise
The Linux Kernel versions 188.8.131.52 and prior are vulnerable if the affected system contains a High Precision Event Timer (HPET) and if that HPET is supported by the kernel build on that system.
To exploit this vulnerability, the attacker must have local account access to the affected system. Additional authentication is not required.
The vulnerability is due to insufficient input validation of integer values by the kernel function hrtimer_start(), which is located in hrtimer.c. An attacker could send crafted values to the nanosleep(2) system call to be processed by hrtimer_start(). When extremely large relative values are sent to this timer, an integer overflow could occur when the current time is added to the relative time. The resulting integer overflow could cause the clockevents_set_next() function to set itself for a very long timeout period. This behavior could cause the operating system to hang while attempting to service clock events, resulting in a DoS condition.
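The arithmetic described above, shown as an added user-space example beside a saturating form of the same addition. This is not the kernel's code or the kernel.org patch; the function names, the NS_MAX constant and the sample values are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000LL
#define NS_MAX INT64_MAX /* hypothetical stand-in for the largest valid expiry */

/* Unchecked form: absolute expiry = now + relative. The wraparound is made
 * explicit through unsigned arithmetic because signed overflow is undefined
 * behaviour in C. */
int64_t expiry_unchecked(int64_t now_ns, int64_t rel_ns)
{
    return (int64_t)((uint64_t)now_ns + (uint64_t)rel_ns);
}

/* Hardened form: clamp to NS_MAX instead of wrapping.
 * Assumes now_ns >= 0 and rel_ns >= 0. */
int64_t expiry_saturating(int64_t now_ns, int64_t rel_ns)
{
    if (rel_ns > NS_MAX - now_ns)
        return NS_MAX;
    return now_ns + rel_ns;
}

/* Convert a relative (seconds, nanoseconds) pair to nanoseconds, clamping
 * when the product would not fit. Assumes sec >= 0, 0 <= nsec < NSEC_PER_SEC. */
int64_t rel_to_ns(int64_t sec, int64_t nsec)
{
    if (sec > (NS_MAX - nsec) / NSEC_PER_SEC)
        return NS_MAX;
    return sec * NSEC_PER_SEC + nsec;
}

int main(void)
{
    /* Constructed sample values: 5000 s of uptime and an oversized request. */
    int64_t now = 5000 * NSEC_PER_SEC;
    int64_t rel = rel_to_ns(INT64_MAX / NSEC_PER_SEC, 999999999);

    printf("relative   = %" PRId64 "\n", rel);
    printf("unchecked  = %" PRId64 "\n", expiry_unchecked(now, rel));
    printf("saturating = %" PRId64 "\n", expiry_saturating(now, rel));
    return 0;
}
```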
Systems have this vulnerability only if they have an HPET in the system hardware and the HPET is supported by the system kernel. Kernel support for HPET hardware will increase in the 2.6.24 kernel when it becomes a stable release.
To exploit this vulnerability, the attacker must have local access to the affected system. A successful attack is likely to cause a DoS condition on the vulnerable system. There are no proven exploits to grant the attacker code execution. This vulnerability is primarily a concern on systems that host applications and resources for multiple users, which could allow an attacker to disrupt normal operations for a large number of users with one action.
Administrators are advised to apply the appropriate updates.
Administrators are advised to restrict access to vulnerable systems to trusted users.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
Cisco Multivendor Vulnerability Alerts respond to vulnerabilities identified in third-party vendors' products. These alerts contain information compiled from diverse sources and provide comprehensive technical descriptions, objective analytical assessments, workarounds and practical safeguards, and links to vendor advisories and patches.