CVE-2011-2918

Published: 25 August 2011

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.

From the Ubuntu security team

The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)
Patches:
Introduced by 0793a61d4df8daeac6492dbf8d2f3e5713caae5e
Fixed by a8b0ca17b80e92faab46ee7179ba9e99ccb61233
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.1~rc1)