Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2012-0879 |
CWE-ID | CWE-400 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU44073
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-0879
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 2.6.0 - 2.6.32.58
External linkshttp://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=61cc74fbb87af6aa551a06a370590c9bc07e29d9
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b69f2292063d2caf37ca9aec7d63ded203701bf3
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://rhn.redhat.com/errata/RHSA-2012-0481.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://secunia.com/advisories/48545
http://secunia.com/advisories/48842
http://www.debian.org/security/2012/dsa-2469
http://www.openwall.com/lists/oss-security/2012/02/23/5
http://www.securitytracker.com/id?1027086
http://www.ubuntu.com/usn/USN-1408-1
http://www.ubuntu.com/usn/USN-1410-1
http://www.ubuntu.com/usn/USN-1411-1
http://bugzilla.redhat.com/show_bug.cgi?id=796829
http://github.com/torvalds/linux/commit/61cc74fbb87af6aa551a06a370590c9bc07e29d9
http://github.com/torvalds/linux/commit/b69f2292063d2caf37ca9aec7d63ded203701bf3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.