redoxOS
cpe:2.3:o:redox-os:redox:*:*:*:*:*:*:*
- < 5d41cd7c
A denial-of-service vulnerability has been identified in the redoxOS kernel before commit 5d41cd7c. Local attackers can trigger a divide-by-zero error through the setitimer syscall, which causes a kernel panic.
Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a crash.
The vulnerability can be reproduced by compiling a program that calls the setitimer syscall with invalid timer values, such as negative seconds and extremely large microsecond values. This program can then be executed to trigger the divide-by-zero panic in the kernel.
Users can update to the latest version of the redoxOS kernel, where this vulnerability has been addressed.
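One way a syscall handler can reject such timer values before doing any arithmetic on them, shown as an added example: this is not the Redox kernel's code or the change made in commit 5d41cd7c. The struct layouts, function names and the `missed_periods` calculation are assumptions for illustration; the range check follows the POSIX canonical form for setitimer (non-negative seconds, microseconds in 0..999999).

```rust
// Added example: constructed mirrors of the POSIX timeval/itimerval layouts.
#[derive(Clone, Copy, Debug)]
pub struct TimeVal { pub tv_sec: i64, pub tv_usec: i64 }
#[derive(Clone, Copy, Debug)]
pub struct ITimerVal { pub it_interval: TimeVal, pub it_value: TimeVal }

#[derive(Debug, PartialEq, Eq)]
pub enum TimerError { Invalid, Overflow }

const USEC_PER_SEC: i64 = 1_000_000;
const NSEC_PER_USEC: u64 = 1_000;
const NSEC_PER_SEC: u64 = 1_000_000_000;

/// Convert an untrusted timeval to nanoseconds. Negative seconds and
/// microseconds outside 0..999_999 are rejected before any arithmetic.
pub fn timeval_to_ns(tv: TimeVal) -> Result<u64, TimerError> {
    if tv.tv_sec < 0 || tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC {
        return Err(TimerError::Invalid);
    }
    (tv.tv_sec as u64)
        .checked_mul(NSEC_PER_SEC) // huge tv_sec must not wrap around
        .and_then(|s| s.checked_add(tv.tv_usec as u64 * NSEC_PER_USEC))
        .ok_or(TimerError::Overflow)
}

/// Returns (first expiry in ns, reload interval in ns). A zero interval
/// becomes `None` (one-shot timer) so it can never be used as a divisor.
pub fn validate_itimer(new: ITimerVal) -> Result<(u64, Option<u64>), TimerError> {
    let value = timeval_to_ns(new.it_value)?;
    let interval = timeval_to_ns(new.it_interval)?;
    Ok((value, if interval == 0 { None } else { Some(interval) }))
}

/// Hypothetical use of the interval as a divisor: whole periods elapsed.
/// `checked_div` yields `None` on a zero divisor instead of panicking.
pub fn missed_periods(elapsed_ns: u64, interval: Option<u64>) -> u64 {
    interval.and_then(|i| elapsed_ns.checked_div(i)).unwrap_or(0)
}

fn main() {
    // Constructed input matching the advisory: negative seconds, huge microseconds.
    let bad = ITimerVal {
        it_interval: TimeVal { tv_sec: -1, tv_usec: i64::MAX },
        it_value: TimeVal { tv_sec: 0, tv_usec: 0 },
    };
    println!("{:?}", validate_itimer(bad));
}
```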