Date: Tue, 1 Mar 2011 20:56:46 -0500 From: Nelson Elhage <nelhage@...lice.com> To: oss-security@...ts.openwall.com Subject: CVE request: kernel: Multiple DoS issues in epoll Two requests for bugs in epoll: (1) The epoll subsystem in Linux did not prevent users from creating circular epoll file structures, potentially leading to a denial of service (kernel deadlock). Reference: https://lkml.org/lkml/2011/2/5/220 Upstream commit: http://git.kernel.org/linus/22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e (2) The epoll subsystem allows users to create large nested epoll structures, which the kernel will then to walk with preemption disabled, causing a denial of service via excessive CPU consumption in the kernel. References: http://thread.gmane.org/gmane.linux.kernel/1105744 http://thread.gmane.org/gmane.linux.kernel/1105744/focus=1105888 No upstream fix yet for this one. - Nelson
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.