CVE-2012-0879

Published: 23 February 2012

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

From the Ubuntu security team

Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
Patches:
Introduced by fadad878cc0640cc9cd5569998bf54b693f7b38b
Fixed by 61cc74fbb87af6aa551a06a370590c9bc07e29d9
Introduced by fadad878cc0640cc9cd5569998bf54b693f7b38b
Fixed by b69f2292063d2caf37ca9aec7d63ded203701bf3
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.33~rc1)