CVE-2011-1082
Advisory lineage Upstream: 0 Downstream: 3
Downstream
Modified
Published: 03 Apr 2011, 01:00
Last modified:06 Aug 2024, 22:14
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
4.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.2% LOW
0% probability -0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
03 Apr 2011, 01:00
Published
Vulnerability first disclosed
06 Aug 2024, 22:14
Last Modified
Vulnerability information updated
Description
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.20%• Percentile: 42%
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- linux•linux_kernel
< 2.6.38
References (6)
- http://openwall.com/lists/oss-security/2011/03/02/2
- https://lkml.org/lkml/2011/2/5/220
- https://bugzilla.redhat.com/show_bug.cgi?id=681575
- http://openwall.com/lists/oss-security/2011/03/02/1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38