FreeBSD -- Incorrect argument validation in sysarch(2)
A special combination of sysarch(2) arguments, specify
a request to uninstall a set of descriptors from the LDT.
The start descriptor is cleared and the number of descriptors
are provided. Due to lack of sufficient bounds checking
during argument validity verification, unbound zero'ing of
the process LDT and adjacent memory can be initiated from
This vulnerability could cause the kernel to panic. In
addition it is possible to perform a local Denial of Service
against the system by unprivileged processes.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright