CVE-2011-1083 — MEDIUM (4.9)

Q: How severe is CVE-2011-1083?

CVE-2011-1083 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1083?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 2.6.37.2
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-400

References

http://article.gmane.org/gmane.linux.kernel/1105744Broken Link
http://article.gmane.org/gmane.linux.kernel/1105888Broken Link
http://article.gmane.org/gmane.linux.kernel/1106686Broken Link
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/03/02/1Mailing ListPatchThird Party Advisory
http://openwall.com/lists/oss-security/2011/03/02/2Mailing ListPatch
http://rhn.redhat.com/errata/RHSA-2012-0862.htmlThird Party Advisory
http://secunia.com/advisories/43522Third Party Advisory
http://secunia.com/advisories/48115Third Party Advisory
http://secunia.com/advisories/48410Third Party Advisory
http://secunia.com/advisories/48898Third Party Advisory
http://secunia.com/advisories/48964Third Party Advisory
http://www.osvdb.org/71265Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=681578Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2011-1083?

CVE-2011-1083 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) v...

How severe is CVE-2011-1083?

CVE-2011-1083 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1083?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.