Linux Today: Linux News On Internet Time.

System call fuzzing continued.

Dec 16, 2010, 20:34

"Work is ongoing on the system call fuzzer I wrote about last month. Since I initially talked about it, it's found a few more bugs.

"CVE-2010-4256: Pipe fcntl local denial of service. The inode struct in the kernel contains this union:

    union {
        struct pipe_inode_info *i_pipe;
        struct block_device *i_bdev;
        struct cdev *i_cdev;
    };

"A missing "is this a pipe" check in pipe_fcntl allowed a user to perform pipe ioctls on inodes that were not pipes (i.e., block/char devs). Things blew up pretty quickly."

