4.9

CVE-2012-3375

Exploit
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 3.2.23
LinuxLinux Kernel Version3.0.1
LinuxLinux Kernel Version3.0.2
LinuxLinux Kernel Version3.0.3
LinuxLinux Kernel Version3.0.4
LinuxLinux Kernel Version3.0.5
LinuxLinux Kernel Version3.0.6
LinuxLinux Kernel Version3.0.7
LinuxLinux Kernel Version3.0.8
LinuxLinux Kernel Version3.0.9
LinuxLinux Kernel Version3.0.10
LinuxLinux Kernel Version3.0.11
LinuxLinux Kernel Version3.0.12
LinuxLinux Kernel Version3.0.13
LinuxLinux Kernel Version3.0.14
LinuxLinux Kernel Version3.0.15
LinuxLinux Kernel Version3.0.16
LinuxLinux Kernel Version3.0.17
LinuxLinux Kernel Version3.0.18
LinuxLinux Kernel Version3.0.19
LinuxLinux Kernel Version3.0.20
LinuxLinux Kernel Version3.0.21
LinuxLinux Kernel Version3.0.22
LinuxLinux Kernel Version3.0.23
LinuxLinux Kernel Version3.0.24
LinuxLinux Kernel Version3.0.25
LinuxLinux Kernel Version3.0.26
LinuxLinux Kernel Version3.0.27
LinuxLinux Kernel Version3.0.28
LinuxLinux Kernel Version3.0.29
LinuxLinux Kernel Version3.0.30
LinuxLinux Kernel Version3.0.31
LinuxLinux Kernel Version3.0.32
LinuxLinux Kernel Version3.0.33
LinuxLinux Kernel Version3.0.34
LinuxLinux Kernel Version3.1.1
LinuxLinux Kernel Version3.1.2
LinuxLinux Kernel Version3.1.3
LinuxLinux Kernel Version3.1.4
LinuxLinux Kernel Version3.1.5
LinuxLinux Kernel Version3.1.6
LinuxLinux Kernel Version3.1.7
LinuxLinux Kernel Version3.1.8
LinuxLinux Kernel Version3.1.9
LinuxLinux Kernel Version3.1.10
LinuxLinux Kernel Version3.2.1
LinuxLinux Kernel Version3.2.2
LinuxLinux Kernel Version3.2.3
LinuxLinux Kernel Version3.2.4
LinuxLinux Kernel Version3.2.5
LinuxLinux Kernel Version3.2.6
LinuxLinux Kernel Version3.2.7
LinuxLinux Kernel Version3.2.8
LinuxLinux Kernel Version3.2.9
LinuxLinux Kernel Version3.2.10
LinuxLinux Kernel Version3.2.11
LinuxLinux Kernel Version3.2.12
LinuxLinux Kernel Version3.2.13
LinuxLinux Kernel Version3.2.14
LinuxLinux Kernel Version3.2.15
LinuxLinux Kernel Version3.2.16
LinuxLinux Kernel Version3.2.17
LinuxLinux Kernel Version3.2.18
LinuxLinux Kernel Version3.2.19
LinuxLinux Kernel Version3.2.20
LinuxLinux Kernel Version3.2.21
LinuxLinux Kernel Version3.2.22
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.02% 0.589
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://ubuntu.com/usn/usn-1529-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9
http://secunia.com/advisories/51164
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
http://www.openwall.com/lists/oss-security/2012/07/04/2
http://www.securitytracker.com/id?1027237
https://bugzilla.redhat.com/show_bug.cgi?id=837502
https://downloads.avaya.com/css/P8/documents/100165733
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9
Exploit