The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2011-11-19 01:22 | ALAS-2011-22 |
Amazon Linux 1 | kernel | 2012-07-05 16:19 | ALAS-2012-100 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.9 | AV:L/AC:L/Au:N/C:N/I:N/A:C |
NVD | CVSSv2 | 4.9 | AV:L/AC:L/Au:N/C:N/I:N/A:C |