CVE-2012-0879
Publication date 23 February 2012
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
From the Ubuntu Security Team
Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
linux-armadaxp | ||
linux-ec2 | ||
linux-fsl-imx51 | ||
linux-lts-backport-maverick | ||
linux-lts-backport-natty | ||
linux-lts-backport-oneiric | ||
linux-lts-quantal | ||
linux-lts-raring | ||
linux-mvl-dove | ||
linux-ti-omap4 | ||
Notes
Patch details
Package | Patch details |
---|---|
linux |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-1410-1
- Linux kernel (EC2) vulnerability
- 27 March 2012
- USN-1411-1
- Linux kernel vulnerability
- 27 March 2012
- USN-1408-1
- Linux kernel (FSL-IMX51) vulnerability
- 27 March 2012