First published: Tue Jan 12 2016
It was found that a process could allocate and accumulate far more file descriptors than its per-process limit by sending them over a UNIX socket and then closing them, which keeps the sending process's own FD count low while the descriptors stay in flight. This could result in a local denial of service against the kernel by depleting all available memory.

Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=712f4aad406b

Discussion: https://lkml.org/lkml/2015/12/28/155

Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix
---|---|---
Oracle Linux | =5.0 |
Oracle Linux | =6 |
Oracle Linux | =7 |
Linux Linux kernel | <=4.4 |
debian/linux | 5.10.223-1, 5.10.226-1, 6.1.115-1, 6.1.119-1, 6.12.5-1, 6.12.6-1 |
CVE-2013-4312 is a vulnerability in the Linux kernel that allows local users to bypass file-descriptor limits and cause a denial of service by sending each descriptor over a UNIX socket before closing it.
To exploit CVE-2013-4312, a local user would need to send each file descriptor over a UNIX socket before closing it, so that the descriptor remains in flight and is not counted against the process's limit.
CVE-2013-4312 has a severity level of medium.
To fix CVE-2013-4312, it is recommended to update the Linux kernel to version 4.5~ or later.
More information about CVE-2013-4312 can be found at the following references: [1] [2] [3].