VULHUB ™

WMCube/GDK is a freely available, open source application for monitoring CPU load. It can be used with one, or multiple CPU's. WMCube/GDK does not properly impose the limit of 64 byte object files hard-coded into the program. Because of this, it is possible for a local user to load an object file greater than 64 bytes, creating a buffer overflow. This overflow could be used to overwrite stack variables, including the return address, and execute arbitrary code. A local attacker may gain egid 'kmem', which allows for reading of kernel memory. Elevation to root is imminent when attackers can read kmem.

WMCube/GDK is a freely available, open source application for monitoring CPU load. It can be used with one, or multiple CPU's. WMCube/GDK does not properly impose the limit of 64 byte object files hard-coded into the program. Because of this, it is possible for a local user to load an object file greater than 64 bytes, creating a buffer overflow. This overflow could be used to overwrite stack variables, including the return address, and execute arbitrary code. A local attacker may gain egid 'kmem', which allows for reading of kernel memory. Elevation to root is imminent when attackers can read kmem.