-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0081 Title: Linux kernel epoll can leak file descriptors when returning -ELOOP [1] Version history: 07.07.2012 Initial publication Summary ======= Linux Kernel is vulnerable to a denial of service, caused by an error related to adding epoll file descriptors in each other in circle. [2] CVE-2011-4131 CVSS v2 Base Score:4.9 (MEDIUM) (AV:L/AC:N/Au:N/C:N/I:N/A:C) [4] Vulnerable systems ================== Linux Kernel 3.2 Linux Kernel 3.2.1 Linux Kernel 3.2.12 Original Details ================ An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP'; to prevent circular epoll dependencies from being created. However, in that case we do not properly clear the 'tfile_check_list';. An unprivileged local user could use this flaw to crash the system. [3] What can you do? ================ Fix is available. [5] What to tell your users? ======================== N/A More information ================ [1] https://access.redhat.com/security/cve/CVE-2012-3375 [2] http://xforce.iss.net/xforce/xfdb/76745 [3] https://http://seclists.org/oss-sec/2012/q3/7 [4] More information about CVSS is available at: http://www.first.org/cvss/cvss-guide.html [5] http://www.kernel.org/ Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: BCPG v1.39 iQJXBAEBAgBBBQJP9rCAOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4NFxA//YFaAyRo8 XtlaDcArC0e/VbIEJ1S9M70DYIw5kG6FUvi+SY7HZuK1C1qvdyLlhJ3mg9nh4dnD VeP+UVRvGp4BvgvpAszDYf9qXIbY3BgNJ/5+UdB8xjo9usyHYEl7FUmyGXeJCu38 dNMLQKx9j4b66YuISxGY/eTC3BRQuIOOiLczJQDqdunh6Wb/R08nflai9jEICdIn 8CuOw8AOq0vw4dtY3L7y1gvPUTtYLHJkgOSo2sFqx/o/pVK9HjI6O5JXsQC0OFCM meCkfECLgU+cr+avUkAyDxnBgMIrWv9oZCb14c6QtIckpGVQKeno9tZg39EmuZAH LVZoztbC2MBlB/GN1p8TS95ey3vPH7jLaeoJcTbCjiFicHfzGLSjjs6puLPGWry+ v3wDwubD9CNJS+PBo5y20X8y4nUqeHzOckUZ89Bgp8oVApOoSXS6KYDLM52rgkhp PMA6fAi6KE2a5v8wrxSmn+Lh/dP1tW/uXgzc437hIFfTSRZmCdILK7tn0Cdc7zm5 Vs9DbK5xnrzI4ZccZjinfOehCdXUMzw3y97Rdufap7aB3jYOx2xMyIVhE2Ks9+x+ 3ajN+n8k9REB8uzJAXwbITA8QFX1VvyimdDV0qzphxR0Zlg7BF7tU34zAwi6mpvO CAgFuqLyruGtGijApGZcwX+6pGaSg5yBRX4= =y+aP -----END PGP SIGNATURE-----