Linux Siemens R3964 Line Discipline Missing Lock

Posted by deepcore on April 25, 2019 – 3:40 am

The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Sony Smart TV Information Disclosure / File Read 74CMS 5.0.1 Cross Site Request Forgery »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Linux Siemens R3964 Line Discipline Missing Lock

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL