Unixronin

Sunday, June 20th, 2004 02:50 pm

Many 2.4.x and 2.6.x kernels on x86 and x86-64 are vulnerable to a denial of service (DoS) in which an unprivileged program can crash the kernel.

"There's a path into the kernel where if there is a pending FP error, the kernel will end up taking an FP exception, and it will continue to take the FP exception forever. Duh." -Linus Torvalds

If you enabled Magic SysRq (CONFIG_MAGIC_SYSRQ=y, found in make menuconfig under Kernel hacking -> Magic SysRq key) in your kernel, you can cleanly reboot if evil freezes your system by pressing the following key combinations in order:

  1. Alt-SysRq-R (keyboard in raw mode)
  2. Alt-SysRq-S (save unsaved data to disk)
  3. Alt-SysRq-E (send termination signal)
  4. Alt-SysRq-I (send kill signal)
  5. Alt-SysRq-U (remount all mounted file systems)
  6. Alt-SysRq-B (reboots the system)
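
To confirm ahead of time that this key sequence will actually work, the following added example (not part of the original post) decodes a `kernel.sysrq` sysctl value and reports which of the six steps the kernel will honour. It assumes the bitmask form of `kernel.sysrq` from the kernel's sysrq documentation, which is newer than the kernels discussed here; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: which steps of the R-S-E-I-U-B sequence does a given
# kernel.sysrq value permit? Assumption: the kernel uses the bitmask form
# (0 = all off, 1 = all on, >1 = bitmask); older kernels only know 0 and 1.

# sysrq_step_allowed VALUE KEY -> prints "yes" or "no"
sysrq_step_allowed() {
    value=$1
    key=$2
    case $value in
        ''|*[!0-9]*) echo "no"; return 0 ;;   # not a number: treat as disabled
    esac
    if [ "$value" -eq 0 ]; then echo "no"; return 0; fi
    if [ "$value" -eq 1 ]; then echo "yes"; return 0; fi
    case $key in
        R)   bit=4 ;;     # keyboard control (unraw)
        S)   bit=16 ;;    # sync
        E|I) bit=64 ;;    # signalling processes (term, kill)
        U)   bit=32 ;;    # remount read-only
        B)   bit=128 ;;   # reboot/poweroff
        *)   echo "no"; return 0 ;;
    esac
    if [ $(( value & bit )) -ne 0 ]; then echo "yes"; else echo "no"; fi
}

# sysrq_report VALUE -> "KEY=yes|no" for each step, in sequence order
sysrq_report() {
    out=""
    for k in R S E I U B; do
        out="$out$k=$(sysrq_step_allowed "$1" "$k") "
    done
    echo "${out% }"
}

# When run directly, report on the live system if the sysctl is readable.
if [ -r /proc/sys/kernel/sysrq ]; then
    sysrq_report "$(cat /proc/sys/kernel/sysrq)"
fi
```

A value such as 176 permits only the sync, remount and reboot steps, so the two signal steps would be silently skipped.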

See the article above for patches for 2.4 and 2.6 kernels for x86 and x86-64 architectures.  Direct links to the most common patches:

The exploit cannot do any damage after applying the patch, but it will continue to consume 99% of CPU until killed.

Sunday, June 20th, 2004 12:25 pm (UTC)
There's an excellent explanation of what is going on on lwn.net, http://lwn.net/Articles/89586/
Sunday, June 20th, 2004 01:14 pm (UTC)
I note that this is subscriber-only.
Monday, June 21st, 2004 01:02 am (UTC)
Hmpf, sorry about that. It should become unlocked this Thursday. It also points to this analysis: http://lwn.net/Articles/89771/