Executive Summary

Informations
Name CVE-2012-3375 First vendor Publication 2012-10-03
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3375

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21242
 
Oval ID: oval:org.mitre.oval:def:21242
Title: RHSA-2012:1061: kernel security and bug fix update (Moderate)
Description: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Family: unix Class: patch
Reference(s): RHSA-2012:1061-00
CESA-2012:1061
CVE-2012-3375
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23333
 
Oval ID: oval:org.mitre.oval:def:23333
Title: ELSA-2012:1061: kernel security and bug fix update (Moderate)
Description: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Family: unix Class: patch
Reference(s): ELSA-2012:1061-00
CVE-2012-3375
Version: 6
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27194
 
Oval ID: oval:org.mitre.oval:def:27194
Title: ELSA-2012-1061-1 -- kernel security and bug fix update (moderate)
Description: [2.6.18-308.11.1.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] +- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Family: unix Class: patch
Reference(s): ELSA-2012-1061-1
CVE-2012-3375
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel
ocfs2
oracleasm
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27701
 
Oval ID: oval:org.mitre.oval:def:27701
Title: DEPRECATED: ELSA-2012-1061 -- kernel security and bug fix update (moderate)
Description: [2.6.18-308.11.1.el5] - [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226] - [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226] - [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226] [2.6.18-308.10.1.el5] - [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] {CVE-2012-2934} - [scsi] qla2xxx: Use ha->pdev->revision in 4Gbps MSI-X check. (Chad Dupuis) [816373 800653] - [fs] sunrpc: do array overrun check in svc_recv before page alloc (J. Bruce Fields) [820358 814626] - [fs] knfsd: fix an NFSD bug with full size non-page-aligned reads (J. Bruce Fields) [820358 814626] - [fs] sunrpc: fix oops due to overrunning server's page array (J. Bruce Fields) [820358 814626] - [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131] - [x86_64] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [824654 818787] - [net] sunrpc: Don't use list_for_each_entry_safe in rpc_wake_up (Steve Dickson) [817571 809937] - [s390] qeth: add missing wake_up call (Hendrik Brueckner) [829059 790900] [2.6.18-308.9.1.el5] - [fs] jbd: clear b_modified before moving the jh to a different transaction (Josef Bacik) [827205 563247]
Family: unix Class: patch
Reference(s): ELSA-2012-1061
CVE-2012-3375
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27735
 
Oval ID: oval:org.mitre.oval:def:27735
Title: ELSA-2012-2026 -- Unbreakable Enterprise kernel Security update (important)
Description: [2.6.32-300.29.2] - epoll: epoll_wait() should not use timespec_add_ns() (Eric Dumazet) - epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375} - Don't limit non-nested epoll paths (Jason Baron) - epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083} - epoll: limit paths (Jason Baron) {CVE-2011-1083} - eventpoll: fix comment typo 'evenpoll' (Paul Bolle) - epoll: fix compiler warning and optimize the non-blocking path (Shawn Bohrer) - epoll: move ready event check into proper inline (Davide Libenzi) - epoll: make epoll_wait() use the hrtimer range feature (Shawn Bohrer) - select: rename estimate_accuracy() to select_estimate_accuracy() (Andrew Morton) - cred: copy_process() should clear child->replacement_session_keyring (Oleg Nesterov) {CVE-2012-2745}
Family: unix Class: patch
Reference(s): ELSA-2012-2026
CVE-2011-1083
CVE-2012-2745
CVE-2012-3375
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1554

OpenVAS Exploits

Date Description
2012-08-17 Name : Ubuntu Update for linux-lts-backport-oneiric USN-1539-1
File : nvt/gb_ubuntu_USN_1539_1.nasl
2012-08-14 Name : Ubuntu Update for linux-ti-omap4 USN-1514-1
File : nvt/gb_ubuntu_USN_1514_1.nasl
2012-08-14 Name : Ubuntu Update for linux USN-1529-1
File : nvt/gb_ubuntu_USN_1529_1.nasl
2012-08-14 Name : Ubuntu Update for linux-ti-omap4 USN-1532-1
File : nvt/gb_ubuntu_USN_1532_1.nasl
2012-08-14 Name : Ubuntu Update for linux USN-1533-1
File : nvt/gb_ubuntu_USN_1533_1.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:1061 centos5
File : nvt/gb_CESA-2012_1061_kernel_centos5.nasl
2012-07-16 Name : RedHat Update for kernel RHSA-2012:1061-01
File : nvt/gb_RHSA-2012_1061-01_kernel.nasl

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1150.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-176.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1061-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-2026.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-2025.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1061.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120714.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120805.nasl - Type : ACT_GATHER_INFO
2012-08-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1539-1.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1514-1.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1529-1.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1532-1.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1533-1.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120710_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1061.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1061.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
https://bugzilla.redhat.com/show_bug.cgi?id=837502
https://downloads.avaya.com/css/P8/documents/100165733
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f633895...
MISC http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
MLIST http://www.openwall.com/lists/oss-security/2012/07/04/2
SECTRACK http://www.securitytracker.com/id?1027237
SECUNIA http://secunia.com/advisories/51164
UBUNTU http://ubuntu.com/usn/usn-1529-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Date Informations
2024-02-02 01:19:50
  • Multiple Updates
2024-02-01 12:05:53
  • Multiple Updates
2023-11-07 21:46:40
  • Multiple Updates
2023-09-05 12:18:44
  • Multiple Updates
2023-09-05 01:05:45
  • Multiple Updates
2023-09-02 12:18:45
  • Multiple Updates
2023-09-02 01:05:51
  • Multiple Updates
2023-08-12 12:22:33
  • Multiple Updates
2023-08-12 01:05:51
  • Multiple Updates
2023-08-11 12:18:52
  • Multiple Updates
2023-08-11 01:06:01
  • Multiple Updates
2023-08-06 12:18:08
  • Multiple Updates
2023-08-06 01:05:52
  • Multiple Updates
2023-08-04 12:18:12
  • Multiple Updates
2023-08-04 01:05:55
  • Multiple Updates
2023-07-14 12:18:11
  • Multiple Updates
2023-07-14 01:05:49
  • Multiple Updates
2023-03-29 01:20:07
  • Multiple Updates
2023-03-28 12:05:57
  • Multiple Updates
2023-02-13 09:28:39
  • Multiple Updates
2022-10-11 12:16:15
  • Multiple Updates
2022-10-11 01:05:32
  • Multiple Updates
2022-03-11 01:13:14
  • Multiple Updates
2021-05-25 12:10:11
  • Multiple Updates
2021-05-04 12:20:50
  • Multiple Updates
2021-04-22 01:24:51
  • Multiple Updates
2020-08-11 12:07:50
  • Multiple Updates
2020-08-08 01:07:50
  • Multiple Updates
2020-08-07 12:07:58
  • Multiple Updates
2020-08-07 01:08:15
  • Multiple Updates
2020-08-01 12:07:51
  • Multiple Updates
2020-07-30 01:08:14
  • Multiple Updates
2020-05-23 01:49:12
  • Multiple Updates
2020-05-23 00:34:08
  • Multiple Updates
2019-01-25 12:04:48
  • Multiple Updates
2018-11-17 12:03:20
  • Multiple Updates
2018-10-30 12:05:10
  • Multiple Updates
2016-06-30 21:34:48
  • Multiple Updates
2016-06-29 00:27:00
  • Multiple Updates
2016-06-28 19:12:42
  • Multiple Updates
2016-04-26 22:03:43
  • Multiple Updates
2015-05-21 13:29:31
  • Multiple Updates
2014-07-23 13:24:45
  • Multiple Updates
2014-06-14 13:33:09
  • Multiple Updates
2014-02-17 11:11:31
  • Multiple Updates
2013-08-17 17:20:27
  • Multiple Updates
2013-05-10 22:42:15
  • Multiple Updates
2013-03-23 13:18:19
  • Multiple Updates
2013-01-24 13:22:24
  • Multiple Updates