Date: 25 Mar 2003 20:55:50 -0000
From: "Valentin A.Alekseev" <valeks@valabs.spb.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/50298: unlimited usage of AGP memory make system hung
Message-ID: <20030325205550.897.qmail@alpha.valabs.spb.ru>

>Number:         50298
>Category:       kern
>Synopsis:       unlimited usage of AGP memory make system hung
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 25 13:00:26 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Valentin A. Alekseev
>Release:        FreeBSD 5.0-RELEASE-p6 i386
>Organization:   Valentin A. Alekseev
>Environment:
System: FreeBSD alpha.valabs.spb.ru 5.0-RELEASE-p6 FreeBSD 5.0-RELEASE-p6 #3: Sun Mar 23 00:55:36 MSK 2003 valeks@alpha.valabs.spb.ru:/usr/src/sys/i386/compile/ALPHA i386
/usr/src/sys/pci/agp.c: $FreeBSD: src/sys/pci/agp.c,v 1.22 2002/11/13 17:40:15 mux Exp $
XFree86 Version 4.3.0
Release Date: 27 February 2003
X Protocol Version 11, Revision 0, Release 6.6
Build Operating System: FreeBSD 5.0-RELEASE-p4 i386 [ELF]
>Description:
AGP aperture memory is allocated in kernel address space with no limits ever set. This is exploitable both by root and non-root users using either AGPIOC_* ioctls directly or using any gl function with really big arguments (for the first time this was discovered for glTexImage2D function on XFree86 4.3.0).
>How-To-Repeat:
Exploit is located at http://www.valabs.spb.ru/files/agpdos.c (1,6K)
>Fix:
Currently no fix or patch made by me.
>Release-Note:
>Audit-Trail:
>Unformatted:
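The kind of limit the report says is missing, sketched as an added example that is not part of the original report and is not FreeBSD's agp driver code. The struct, function names, page size and error choices are all hypothetical; the point is that a user-supplied size is rounded and charged against a fixed ceiling without any arithmetic that can wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <errno.h>

#define PAGE_SZ 4096u   /* assumed page size for this sketch */

/* Hypothetical per-device accounting state (not the driver's real softc). */
struct aperture_acct {
    size_t max_bytes;   /* ceiling for memory handed out on user request */
    size_t used_bytes;  /* bytes currently charged; invariant: <= max_bytes */
};

/* Round a request up to whole pages; returns 0 for empty or overflowing sizes. */
static size_t round_pages(size_t n)
{
    if (n == 0 || n > SIZE_MAX - (PAGE_SZ - 1))
        return 0;
    return (n + PAGE_SZ - 1) & ~(size_t)(PAGE_SZ - 1);
}

/* Validate and charge an allocation size that arrived from user space.
 * Returns 0 on success, EINVAL for a malformed size, ENOMEM over the cap. */
int acct_charge(struct aperture_acct *a, size_t req)
{
    size_t sz = round_pages(req);

    if (sz == 0)
        return EINVAL;
    /* Compare against remaining headroom so used + sz is never computed
     * before it is known to fit; a huge request cannot wrap the counter. */
    if (sz > a->max_bytes - a->used_bytes)
        return ENOMEM;
    a->used_bytes += sz;
    return 0;
}

/* Return a previously charged allocation to the pool on free. */
int acct_release(struct aperture_acct *a, size_t req)
{
    size_t sz = round_pages(req);

    if (sz == 0 || sz > a->used_bytes)
        return EINVAL;
    a->used_bytes -= sz;
    return 0;
}
```

In a real driver the charge and release would happen under the device lock, in the same critical section as the allocation and free they account for.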