{"vuid":"VU#973654","idnumber":"973654","name":"Linux kernel fails to properly handle floating point signals generated by \"fsave\" and \"frstor\"","keywords":["Linux kernel","DoS","denial of service"],"overview":"The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts.","clean_desc":"Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The \"fsave\" and \"frstor\" instructions are used to store and restore the state of the processor's floating point unit (FPU), respectively. Typically, manipulation of the FPU is handled by the compiler of a high-level programming language, but some languages allow programmers to invoke assembly instructions directly. By using a combination of calls to fsave and frstor, it is possible to write a simple program that will force the Linux kernel into an infinite signal handling loop. When this occurs, the kernel will fail to operate properly or respond to input, causing a denial-of-service condition. Such a program does not require specialized tools or privileged system access, so it is possible for any local user to exploit this vulnerability.","impact":"This vulnerability allows local users to disable the Linux kernel on affected hosts, resulting in a denial-of-service condition.","resolution":"Apply a patch from your vendor The Systems Affected section of this document contains a list of vendors that have been notified of this issue, as well as their responses.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Stian Skjelstad.","author":"This document was written by Jeffrey P. Lanza.","public":["http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html","http://secunia.com/advisories/11861/","http://xforce.iss.net/xforce/xfdb/16412"],"cveids":["CVE-2004-0554"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-06-14T18:00:38Z","publicdate":"2004-06-14T00:00:00Z","datefirstpublished":"2004-06-15T22:37:18Z","dateupdated":"2004-08-23T17:54:14Z","revision":23,"vrda_d1_directreport":"0","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"20","cam_exploitation":"10","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"11.8125","cam_scorecurrentwidelyknown":"11.8125","cam_scorecurrentwidelyknownexploited":"15.1875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.8125,"vulnote":null}