The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 3.1 (including) | 3.2.44 (excluding) |
Linux_kernel | Linux | 3.3 (including) | 3.4.49 (excluding) |
Linux_kernel | Linux | 3.5 (including) | 3.8.8 (excluding) |