![]() |
|
Date: Wed, 2 Mar 2011 08:57:27 -0500 (EST) From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Cc: nelhage@...lice.com Subject: Re: CVE request: kernel: Multiple DoS issues in epoll ----- Original Message ----- > Two requests for bugs in epoll: > > (1) The epoll subsystem in Linux did not prevent users from creating > circular > epoll file structures, potentially leading to a denial of service > (kernel > deadlock). > > Reference: https://lkml.org/lkml/2011/2/5/220 > Upstream commit: > http://git.kernel.org/linus/22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e Please use CVE-2011-1082. > (2) The epoll subsystem allows users to create large nested epoll > structures, > which the kernel will then to walk with preemption disabled, causing a > denial of > service via excessive CPU consumption in the kernel. > > References: > http://thread.gmane.org/gmane.linux.kernel/1105744 > http://thread.gmane.org/gmane.linux.kernel/1105744/focus=1105888 > > No upstream fix yet for this one. Please use CVE-2011-1083. Thank you, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.