CVE-2011-1083

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

References

http://article.gmane.org/gmane.linux.kernel/1105744

http://article.gmane.org/gmane.linux.kernel/1105888

http://article.gmane.org/gmane.linux.kernel/1106686

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html

http://openwall.com/lists/oss-security/2011/03/02/1

http://openwall.com/lists/oss-security/2011/03/02/2

http://rhn.redhat.com/errata/RHSA-2012-0862.html

http://secunia.com/advisories/43522

http://secunia.com/advisories/48115

http://secunia.com/advisories/48410

http://secunia.com/advisories/48898

http://secunia.com/advisories/48964

http://www.osvdb.org/71265

https://bugzilla.redhat.com/show_bug.cgi?id=681578

Details

Source: MITRE

Published: 2011-04-04

Updated: 2020-08-12

Type: CWE-400

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.37.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
83611SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)NessusSuSE Local Security Checks
high
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
high
79283RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)NessusRed Hat Local Security Checks
high
74801openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)NessusSuSE Local Security Checks
critical
74658openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)NessusSuSE Local Security Checks
critical
74604openSUSE Security Update : kernel (openSUSE-SU-2012:0540-1)NessusSuSE Local Security Checks
critical
69590Amazon Linux AMI : kernel (ALAS-2012-100)NessusAmazon Linux Local Security Checks
medium
69581Amazon Linux AMI : kernel (ALAS-2011-22)NessusAmazon Linux Local Security Checks
medium
68679Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2026)NessusOracle Linux Local Security Checks
medium
68678Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2025)NessusOracle Linux Local Security Checks
medium
68554Oracle Linux 6 : kernel (ELSA-2012-0862)NessusOracle Linux Local Security Checks
medium
68468Oracle Linux 5 : kernel (ELSA-2012-0150)NessusOracle Linux Local Security Checks
medium
64173SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6227 / 6229 / 6230)NessusSuSE Local Security Checks
high
64050RHEL 6 : kernel (RHSA-2012:1129)NessusRed Hat Local Security Checks
high
59925CentOS 6 : kernel (CESA-2012:0862)NessusCentOS Local Security Checks
medium
59590RHEL 6 : kernel (RHSA-2012:0862)NessusRed Hat Local Security Checks
medium
58845SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)NessusSuSE Local Security Checks
critical
58052RHEL 5 : kernel (RHSA-2012:0150)NessusRed Hat Local Security Checks
medium
56865Fedora 15 : kernel-2.6.41.1-1.fc15 (2011-15856)NessusFedora Local Security Checks
medium
56721Fedora 14 : kernel-2.6.35.14-103.fc14 (2011-15241)NessusFedora Local Security Checks
medium
55591Ubuntu 11.04 : linux vulnerabilities (USN-1167-1)NessusUbuntu Local Security Checks
medium
55454Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)NessusUbuntu Local Security Checks
high
55104Ubuntu 10.04 LTS : linux, linux-ec2 vulnerabilities (USN-1141-1)NessusUbuntu Local Security Checks
high
801520CentOS RHSA-2012-0862 Security CheckLog Correlation EngineGeneric
high