| Description: | The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. It was discovered that an integer overflow existed in the trace subsystem of the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).
|