CVE-2012-3375

Current Description

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Basic Data

Published	October 03, 2012
Last Modified	August 17, 2013
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector	LOCAL
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	NONE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	4.9
Severity	MEDIUM
Exploitability Score	3.9
Impact Score	6.9
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version End Including
2.3	OS	Linux	Linux Kernel	3.0.1	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.2	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.3	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.4	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.5	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.6	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.7	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.8	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.9	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.10	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.11	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.12	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.13	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.14	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.15	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.16	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.17	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.18	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.19	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.20	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.21	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.22	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.23	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.24	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.25	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.26	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.27	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.28	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.29	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.30	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.31	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.32	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.33	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.0.34	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.1	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.2	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.3	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.4	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.5	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.6	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.7	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.8	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.9	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.1.10	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.1	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.2	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.3	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.4	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.5	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.6	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.7	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.8	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.9	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.10	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.11	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.12	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.13	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.14	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.15	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.16	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.17	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.18	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.19	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.20	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.21	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	3.2.22	*	*	*	*	*	*	*
2.3	OS	Linux	Linux Kernel	*	*	*	*	*	*	*	*	3.2.23

Vulnerable Software List

Vendor	Product	Versions
Linux	Linux Kernel	*, 3.0.1, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.2, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 3.0.27, 3.0.28, 3.0.29, 3.0.3, 3.0.30, 3.0.31, 3.0.32, 3.0.33, 3.0.34, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.1.1, 3.1.10, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.1, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.19, 3.2.2, 3.2.20, 3.2.21, 3.2.22, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9

References

Name	Source	URL	Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c428419693f63389547e9	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c4284	CONFIRM	PATCH
51164	http://secunia.com/advisories/51164	SECUNIA
USN-1529-1	http://ubuntu.com/usn/usn-1529-1	UBUNTU
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24	CONFIRM
[oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP	http://www.openwall.com/lists/oss-security/2012/07/04/2	MLIST
1027237	http://www.securitytracker.com/id?1027237	SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=837502	https://bugzilla.redhat.com/show_bug.cgi?id=837502	CONFIRM
https://downloads.avaya.com/css/P8/documents/100165733	https://downloads.avaya.com/css/P8/documents/100165733	CONFIRM
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9	https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9	CONFIRM	Exploit