CVE-2011-1082
First published: Wed Mar 02 2011(Updated: )
Description of problem: In several places, an epoll fd can call another file's ->f_op->poll() method with ep->mtx held. This is in general unsafe, because that other file could itself be an epoll fd that contains the original epoll fd. The code defends against this possibility in its own ->poll() method using ep_call_nested, but there are several other unsafe calls to ->poll elsewhere that can be made to deadlock. For example, the following simple program causes the call in ep_insert recursively call the original fd's ->poll, leading to deadlock References: <a href="https://lkml.org/lkml/2011/2/5/220">https://lkml.org/lkml/2011/2/5/220</a> <a href="http://seclists.org/oss-sec/2011/q1/337">http://seclists.org/oss-sec/2011/q1/337</a> Upstream commit: <a href="http://git.kernel.org/linus/22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e">http://git.kernel.org/linus/22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e</a> Acknowledgements: Red Hat would like to thank Nelson Elhage for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux kernel | <2.6.38 | |
| Linux Kernel | <2.6.38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://openwall.com/lists/oss-security/2011/03/02/1
- https://bugzilla.redhat.com/show_bug.cgi?id=681575
- http://openwall.com/lists/oss-security/2011/03/02/2
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
- https://lkml.org/lkml/2011/2/5/220
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
- http://seclists.org/oss-sec/2011/q1/337
- http://git.kernel.org/linus/22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
- https://rhn.redhat.com/errata/RHSA-2011-0500.html
- https://rhn.redhat.com/errata/RHSA-2011-0542.html
- https://rhn.redhat.com/errata/RHSA-2011-0883.html
- https://launchpad.net/bugs/cve/CVE-2011-1082
- https://security-tracker.debian.org/tracker/CVE-2011-1082
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1082
- https://nvd.nist.gov/vuln/detail/CVE-2011-1082
- https://ubuntu.com/security/CVE-2011-1082
Frequently Asked Questions
What is the severity of CVE-2011-1082?
CVE-2011-1082 is classified as a medium severity vulnerability due to the risks it poses to system stability and potential denial-of-service scenarios.
How do I fix CVE-2011-1082?
To fix CVE-2011-1082, upgrade to a kernel version later than 2.6.38 that addresses this vulnerability.
What are the potential impacts of CVE-2011-1082?
The potential impacts of CVE-2011-1082 include system crashes and instability due to unsafe polling operations involving epoll file descriptors.
Which systems are affected by CVE-2011-1082?
CVE-2011-1082 affects versions of the Linux kernel prior to 2.6.38.
Is CVE-2011-1082 easy to exploit?
Exploitation of CVE-2011-1082 requires specific conditions and knowledge of the system's file descriptor operations, making it moderately difficult to exploit.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1082
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel