Vulnerability identifier: #VU45145
Vulnerability risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-400
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 2.6.0 - 2.6.37.6
External links
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
http://openwall.com/lists/oss-security/2011/03/02/1
http://openwall.com/lists/oss-security/2011/03/02/2
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://bugzilla.redhat.com/show_bug.cgi?id=681575
http://lkml.org/lkml/2011/2/5/220
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.