U-210: Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service

July 11, 2012 - 7:00am

PROBLEM:

Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service

PLATFORM:

Version(s): 2.6.x

ABSTRACT:

A vulnerability was reported in the Linux Kernel. A local user can cause denial of service conditions.

REFERENCE LINKS:

The Vendor's Advisory
SecurityTracker Alert ID: 1027237
SecurityTracker Alert ID: 1027240
Red Hat advisory
CVE-2012-3375

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The Linux kernel's Event Poll (epoll) subsystem does not properly clean up resources when epoll_ctl() returns an ELOOP error code. A local user can exploit this to cause the target system to crash.

IMPACT:

A local user can cause the target system to crash.

SOLUTION:

The vendor has issued a fix.
Red Hat advisory, kernel security and bug fix update.
