First published: Thu Feb 23 2012(Updated: )
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <2.6.33 | |
Ubuntu Linux | =10.04 | |
Debian GNU/Linux | =6.0 | |
SUSE Linux Enterprise Desktop with Beagle | =11-sp1 | |
SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
SUSE Linux Enterprise High Availability | =11-sp1 | |
SUSE Linux Enterprise Server | =11-sp1 | |
suse linux enterprise server vmware | =11-sp1 | |
SUSE Linux Enterprise Server | =11-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-0879 has a moderate severity rating as it can lead to denial of service and I/O instability.
CVE-2012-0879 affects various versions of the Linux kernel prior to 2.6.33, as well as some specific Linux distributions like Ubuntu 10.04 and Debian 6.0.
To fix CVE-2012-0879, users should upgrade to a Linux kernel version that is 2.6.33 or later.
CVE-2012-0879 is exploited through the improper handling of the CLONE_IO feature which allows local users to create I/O instability.
The impact of CVE-2012-0879 is primarily the potential for denial of service attacks that disrupt I/O operations on affected systems.