Linux bug discovered

On the site Linuxreviews.org the discoverer Øyvind Sæther, from Norway, said that using the exploit requires the (ab)user to have shell access or other means of uploading and running the program—like cgi-bin and FTP access. Then it is just a matter of running this code which works on any normal user account.

Along with the code needed to use the exploit, Sæther also posted several patches to 2.4 and 2.6 kernels that will keep the exploit from crashing systems. The 2.4.xx kernel patch can be found here. A patch for the 2.6 kernel can be found here.

The exploit works because the Linux kernels signal handler isn't handling floating-point (FP) exceptions correctly.

Linus Torvalds has admitted that there is a path into the kernel where if there is a pending FP error, the kernel will end up taking an FP exception, and it will continue to take the FP exception forever. He reckons he has fixed it and if he was not moving house he would have released a 2.6.7 already.