CVE-2012-3375

Current Description

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Basic Data

Published: October 03, 2012
Last Modified: August 17, 2013
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 4.9
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
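    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Linux | Linux Kernel | 3.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.9 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.10 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.11 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.12 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.13 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.14 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.15 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.16 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.17 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.18 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.19 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.20 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.21 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.23 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.24 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.25 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.26 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.27 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.28 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.29 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.30 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.31 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.32 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.33 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.0.34 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.9 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.1.10 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.9 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.10 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.11 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.12 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.13 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.14 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.15 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.16 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.17 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.18 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.19 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.20 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.21 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 3.2.22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | * | * | | 3.2.23 | |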

Vulnerable Software List

Vendor | Product | Versions
Linux | Linux Kernel | *, 3.0.1, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.2, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 3.0.27, 3.0.28, 3.0.29, 3.0.3, 3.0.30, 3.0.31, 3.0.32, 3.0.33, 3.0.34, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.1.1, 3.1.10, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.1, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.19, 3.2.2, 3.2.20, 3.2.21, 3.2.22, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9

References

Name | Source | URL | Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c428419693f63389547e9 | CONFIRM | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c4284 | PATCH
51164 | SECUNIA | http://secunia.com/advisories/51164 |
USN-1529-1 | UBUNTU | http://ubuntu.com/usn/usn-1529-1 |
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 | CONFIRM | http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 |
[oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP | MLIST | http://www.openwall.com/lists/oss-security/2012/07/04/2 |
1027237 | SECTRACK | http://www.securitytracker.com/id?1027237 |
https://bugzilla.redhat.com/show_bug.cgi?id=837502 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=837502 |
https://downloads.avaya.com/css/P8/documents/100165733 | CONFIRM | https://downloads.avaya.com/css/P8/documents/100165733 |
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9 | CONFIRM | https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9 | Exploit