CVE-2011-1082
published 2011-04-04CVE-2011-1082: fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed…
PriorityP419medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
0.78%
51.2th percentile
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | < 2.6.38 | 2.6.38 |
CVSS provenance
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
vendor_ubuntu7.2HIGH
vendor_redhat4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 2.1
CVE-2011-1171 [LOW] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)
Brad Spengler discovered that stack memory for new a process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
correctly calculate the size of
Ubuntu
Linux kernel (i.MX51) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 6.9
CVE-2011-2918 [MEDIUM] Linux kernel (i.MX51) vulnerabilities
Title: Linux kernel (i.MX51) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered t
Ubuntu
Linux kernel (Maverick backport) vulnerabilities
vendor_ubuntu·2011-08-09·CVSS 4.9
CVE-2010-3698 [MEDIUM] Linux kernel (Maverick backport) vulnerabilities
Title: Linux kernel (Maverick backport) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Thomas Pollet discovered that the RDS network protocol did not check
certain iovec buffers. A local attacker could exploit this to crash the
system or possibly execute arbitrary code as the root user. (CVE-2010-3865)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-06-28·CVSS 2.1
CVE-2010-4529 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel vulnerabilities have been fixed.
Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses
into the /proc filesystem. A local attacker could use this to increase the
chances of a successful memory corruption exploit. (CVE-2010-4565)
Kees Cook discovered that the IOWarrior USB device driver did not correctly
check certain size fields. A local attacker with physical access could plug
in a specially crafted USB device to crash the system or potentially gain
root privileges. (CVE-2010-4656)
Goldwyn Rodrigues
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-06-01·CVSS 4.9
CVE-2011-1573 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel vulnerabilities have been fixed.
Brad Spengler discovered that the kernel did not correctly account for
userspace memory allocations during exec() calls. A local attacker could
exploit this to consume all system memory, leading to a denial of service.
(CVE-2010-4243)
Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not
correctly handle certain configurations. If such a device was configured
without VLANs, a remote attacker could crash the system, leading to a
denial of service. (CVE-2010-4263)
Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)
Dan Ros
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)
vendor_ubuntu·2011-03-25·CVSS 7.2
CVE-2010-2478 [HIGH] Linux Kernel vulnerabilities (Marvell Dove)
Title: Linux Kernel vulnerabilities (Marvell Dove)
Summary: An attacker could send crafted input to the kernel and cause it to
crash.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hutchings discovered that the ethtool interface did not correctly check
certain sizes. A local attacker could perform malicious ioctl calls that
could crash the system, leadin
Red Hat
kernel: potential kernel deadlock when creating circular epoll file structures
vendor_redhat·2011-02-05·CVSS 4.9
CVE-2011-1082 [MEDIUM] kernel: potential kernel deadlock when creating circular epoll file structures
kernel: potential kernel deadlock when creating circular epoll file structures
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Statement: This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0542.html and https://rhn.redhat.com/errata/RHSA-2011-0500.html.
Package: kernel (Red Hat Enterprise Linux 4) - Affected
Package: kernel (Re
GHSA
GHSA-9r52-fvvv-j5xf: fs/eventpoll
ghsa_unreviewed·2022-05-13
CVE-2011-1082 [MEDIUM] CWE-400 GHSA-9r52-fvvv-j5xf: fs/eventpoll
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
No detection rules found.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64ehttp://openwall.com/lists/oss-security/2011/03/02/1http://openwall.com/lists/oss-security/2011/03/02/2http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38https://bugzilla.redhat.com/show_bug.cgi?id=681575https://lkml.org/lkml/2011/2/5/220http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64ehttp://openwall.com/lists/oss-security/2011/03/02/1http://openwall.com/lists/oss-security/2011/03/02/2http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38https://bugzilla.redhat.com/show_bug.cgi?id=681575https://lkml.org/lkml/2011/2/5/220
2011-04-04
Published