Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3375

Опубликовано: 27 мар. 2012
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Отчет

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, since updates fixing CVE-2011-1083 contained a corrected patch that did not introduce this regression. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-1061.html, and Red Hat Enterprise Linux Red Hat Enterprise MRG 2 via https://rhn.redhat.com/errata/RHSA-2012-1150.html

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux Extended Update Support 6.2kernelAffected
Red Hat Enterprise Linux 5kernelFixedRHSA-2012:106110.07.2012
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2012:115008.08.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=837502kernel: epoll: can leak file descriptors when returning -ELOOP

EPSS

Процентиль: 34%
0.00137
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3375

ubuntu
больше 13 лет назад

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

nvd логотип

CVE-2012-3375

nvd
больше 13 лет назад

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

debian логотип

CVE-2012-3375

debian
больше 13 лет назад

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before ...

github логотип

GHSA-6f4r-j475-m5hg

github
больше 3 лет назад

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

oracle-oval логотип

ELSA-2012-1061

oracle-oval
больше 13 лет назад

ELSA-2012-1061: kernel security and bug fix update (MODERATE)

EPSS

Процентиль: 34%
0.00137
Низкий

4.9 Medium

CVSS2