CVE Vulnerabilities

CVE-2011-1083

Uncontrolled Resource Consumption

Published: Apr 04, 2011 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.9 MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
4.9 MODERATE
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V3
Ubuntu
LOW

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

Weakness

The product does not properly control the allocation and maintenance of a limited resource.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 2.6.37.2 (including)
Red Hat Enterprise Linux 5 RedHat kernel-0:2.6.18-308.el5 *
Red Hat Enterprise Linux 6 RedHat kernel-0:2.6.32-279.el6 *
Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only RedHat kernel-0:2.6.32-220.24.1.el6 *
Red Hat Enterprise MRG 2 RedHat kernel-rt-0:3.0.25-rt44.57.el6rt *
Linux Ubuntu karmic *
Linux Ubuntu maverick *
Linux Ubuntu natty *
Linux-armadaxp Ubuntu upstream *
Linux-ec2 Ubuntu karmic *
Linux-ec2 Ubuntu maverick *
Linux-ec2 Ubuntu upstream *
Linux-fsl-imx51 Ubuntu karmic *
Linux-fsl-imx51 Ubuntu lucid *
Linux-lts-backport-maverick Ubuntu lucid *
Linux-lts-backport-maverick Ubuntu upstream *
Linux-lts-backport-natty Ubuntu lucid *
Linux-lts-backport-natty Ubuntu upstream *
Linux-lts-backport-oneiric Ubuntu upstream *
Linux-lts-quantal Ubuntu upstream *
Linux-mvl-dove Ubuntu karmic *
Linux-mvl-dove Ubuntu lucid *
Linux-mvl-dove Ubuntu maverick *
Linux-ti-omap4 Ubuntu maverick *
Linux-ti-omap4 Ubuntu natty *
Linux-ti-omap4 Ubuntu upstream *

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

References