June 20th, 2004
Many 2.4.x and 2.6.x kernels on x86 and x86-64 are vulnerable to a denial of service (DoS): an unprivileged local program can crash the kernel.
"There's a path into the kernel where if there is a pending FP error, the kernel will end up taking an FP exception, and it will continue to take the FP exception forever. Duh." - Linus Torvalds
If you enabled Magic SysRq in your kernel (CONFIG_MAGIC_SYSRQ=y, found in make menuconfig under Kernel hacking -> Magic SysRq key), you can cleanly reboot a system that the exploit has frozen with the following key sequence, pressed in order:
- Alt-SysRq-R (keyboard in raw mode)
- Alt-SysRq-S (save unsaved data to disk)
- Alt-SysRq-E (send termination signal)
- Alt-SysRq-I (send kill signal)
- Alt-SysRq-U (remount all mounted file systems)
- Alt-SysRq-B (reboots the system)
See the article above for patches for 2.4 and 2.6 kernels for x86 and x86-64 architectures. Direct links to the most common patches:
With the patch applied the exploit can no longer crash the kernel, but the running process will still consume 99% of the CPU until it is killed.