CVE-2011-1083

MEDIUM

Description

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

References

http://article.gmane.org/gmane.linux.kernel/1105744

http://article.gmane.org/gmane.linux.kernel/1105888

http://article.gmane.org/gmane.linux.kernel/1106686

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html

http://openwall.com/lists/oss-security/2011/03/02/1

http://openwall.com/lists/oss-security/2011/03/02/2

http://rhn.redhat.com/errata/RHSA-2012-0862.html

http://secunia.com/advisories/43522

http://secunia.com/advisories/48115

http://secunia.com/advisories/48410

http://secunia.com/advisories/48898

http://secunia.com/advisories/48964

http://www.osvdb.org/71265

https://bugzilla.redhat.com/show_bug.cgi?id=681578

Details

Source: MITRE

Published: 2011-04-04

Updated: 2020-08-12

Type: CWE-400

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Tenable Plugins

View all (24 total)

ID	Name	Product	Family	Severity
83611	SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)	Nessus	SuSE Local Security Checks	high
79507	OracleVM 2.2 : kernel (OVMSA-2013-0039)	Nessus	OracleVM Local Security Checks	critical
79283	RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)	Nessus	Red Hat Local Security Checks	high
74801	openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)	Nessus	SuSE Local Security Checks	critical
74658	openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)	Nessus	SuSE Local Security Checks	critical
74604	openSUSE Security Update : kernel (openSUSE-SU-2012:0540-1)	Nessus	SuSE Local Security Checks	critical
69590	Amazon Linux AMI : kernel (ALAS-2012-100)	Nessus	Amazon Linux Local Security Checks	medium
69581	Amazon Linux AMI : kernel (ALAS-2011-22)	Nessus	Amazon Linux Local Security Checks	medium
68679	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2026)	Nessus	Oracle Linux Local Security Checks	medium
68678	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2025)	Nessus	Oracle Linux Local Security Checks	medium
68554	Oracle Linux 6 : kernel (ELSA-2012-0862)	Nessus	Oracle Linux Local Security Checks	medium
68468	Oracle Linux 5 : kernel (ELSA-2012-0150)	Nessus	Oracle Linux Local Security Checks	medium
64173	SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6227 / 6229 / 6230)	Nessus	SuSE Local Security Checks	high
64050	RHEL 6 : kernel (RHSA-2012:1129)	Nessus	Red Hat Local Security Checks	high
59925	CentOS 6 : kernel (CESA-2012:0862)	Nessus	CentOS Local Security Checks	medium
59590	RHEL 6 : kernel (RHSA-2012:0862)	Nessus	Red Hat Local Security Checks	medium
58845	SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)	Nessus	SuSE Local Security Checks	critical
58052	RHEL 5 : kernel (RHSA-2012:0150)	Nessus	Red Hat Local Security Checks	medium
56865	Fedora 15 : kernel-2.6.41.1-1.fc15 (2011-15856)	Nessus	Fedora Local Security Checks	medium
56721	Fedora 14 : kernel-2.6.35.14-103.fc14 (2011-15241)	Nessus	Fedora Local Security Checks	medium
55591	Ubuntu 11.04 : linux vulnerabilities (USN-1167-1)	Nessus	Ubuntu Local Security Checks	high
55454	Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)	Nessus	Ubuntu Local Security Checks	high
55104	Ubuntu 10.04 LTS : linux, linux-ec2 vulnerabilities (USN-1141-1)	Nessus	Ubuntu Local Security Checks	high
801520	CentOS RHSA-2012-0862 Security Check	Log Correlation Engine	Generic	high