Red Hat Customer Portal

Skip to main content

CVE-2012-3375

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Details Source

Mitre

Statement

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, since updates fixing CVE-2011-1083 contained a corrected patch that did not introduce this regression.

This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-1061.html, and Red Hat Enterprise Linux Red Hat Enterprise MRG 2 via https://rhn.redhat.com/errata/RHSA-2012-1150.html

Public Date

2012-03-27 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP

Bugzilla ID

837 502

CVSS Status

verified

Base Score

4.90

Base Metrics

AV:L/AC:L/Au:N/C:N/I:N/A:C

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (kernel) RHSA-2012:1061 2012-07-10
MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2012:1150 2012-08-08

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Affected
Red Hat Enterprise Linux Extended Update Support 6.2 kernel Affected
Red Hat Enterprise Linux 6 kernel Not affected