The exit_thread function (process.c) in Linux kernel 2.6 up to and including 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 2.6.4 |
||
linux linux kernel 2.6.5 |
||
linux linux kernel 2.6.1 |
||
linux linux kernel 2.6.0 |
||
linux linux kernel 2.6.2 |
||
linux linux kernel 2.6.3 |