Mauritian National Computer Security Incident Response Team (CERT-MU)

CERT-MU AD-2012-24

Linux Kernel Multiple Vulnerabilities
Original issue date: February 28, 2012
Updated: May 21, 2012
Severity Rating: Medium
Overview
Multiple vulnerabilities have been identified in the Linux kernel. They can be exploited by remote attackers to cause a denial of service condition. An update has been released to address these vulnerabilities.
Description
Multiple vulnerabilities have been identified in the Linux kernel. They can be exploited by remote attackers to cause denial of service conditions. The vulnerabilities exist because of the following issues:
1. The Input/Output implementation for block devices in the Linux kernel does not properly handle the CLONE_IO feature. This can be exploited by remote attackers to cause a denial of service (I/O instability) by starting numerous processes that share an I/O context.
2. The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
3. The regset feature does not properly handle the absence of .get and .set methods. This can allow remote attackers to cause a denial of service (NULL pointer dereference) or have unspecified other impact via a PTRACE_GETREGSET or PTRACE_SETREGSET ptrace call.
4. The KVM implementation in the Linux kernel allows host OS users to cause a denial of service by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
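The missing-method condition described in item 3, modelled in user space as an added example (not kernel code and not part of the advisory). The `regset_model` structure, the table and the function names are hypothetical, and returning `-EOPNOTSUPP` for an absent method is an assumption about a suitable error code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a register-set descriptor: the .get and .set
 * methods are optional, so either pointer may be NULL. */
struct regset_model {
    size_t size;
    int (*get)(void *buf, size_t len);
    int (*set)(const void *buf, size_t len);
};

static unsigned char gpr_store[8];   /* constructed backing storage */

static int gpr_get(void *buf, size_t len) { memcpy(buf, gpr_store, len); return 0; }
static int gpr_set(const void *buf, size_t len) { memcpy(gpr_store, buf, len); return 0; }

/* Constructed table: entry 0 has both methods, entry 1 has neither. */
static const struct regset_model regsets[] = {
    { sizeof gpr_store, gpr_get, gpr_set },
    { 8, NULL, NULL },
};
#define NREGSETS (sizeof regsets / sizeof regsets[0])

int regset_read(size_t idx, void *buf, size_t len)
{
    if (idx >= NREGSETS || len > regsets[idx].size)
        return -EINVAL;
    /* Without this check the call below jumps through a NULL pointer. */
    if (regsets[idx].get == NULL)
        return -EOPNOTSUPP;
    return regsets[idx].get(buf, len);
}

int regset_write(size_t idx, const void *buf, size_t len)
{
    if (idx >= NREGSETS || len > regsets[idx].size)
        return -EINVAL;
    if (regsets[idx].set == NULL)    /* same guard for the write path */
        return -EOPNOTSUPP;
    return regsets[idx].set(buf, len);
}

int main(void)
{
    unsigned char buf[8] = {0};
    printf("full set read: %d\n", regset_read(0, buf, sizeof buf));
    printf("method-less set read: %d\n", regset_read(1, buf, sizeof buf));
    return 0;
}
```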
Affected Systems
  • Ubuntu Ubuntu Linux 11.10 i386
  • Ubuntu Ubuntu Linux 11.10 amd64
  • Ubuntu Ubuntu Linux 11.04 powerpc
  • Ubuntu Ubuntu Linux 11.04 i386
  • Ubuntu Ubuntu Linux 11.04 ARM
  • Ubuntu Ubuntu Linux 11.04 amd64
  • Ubuntu Ubuntu Linux 10.04 sparc
  • Ubuntu Ubuntu Linux 10.04 powerpc
  • Ubuntu Ubuntu Linux 10.04 i386
  • Ubuntu Ubuntu Linux 10.04 ARM
  • Ubuntu Ubuntu Linux 10.04 amd64
  • SuSE SUSE Linux Enterprise Server Unsupported Extras 11
  • SuSE SUSE Linux Enterprise Server for VMware 11 SP1
  • Red Hat Enterprise Linux Workstation Optional 6
  • Red Hat Enterprise Linux Workstation 6
  • Red Hat Enterprise Linux Server Optional 6
  • Red Hat Enterprise Linux Server 6
  • Red Hat Enterprise Linux HPC Node Optional 6
  • Red Hat Enterprise Linux HPC Node 6
  • Red Hat Enterprise Linux Desktop Optional 6
  • Red Hat Enterprise Linux Desktop 6
  • Oracle Enterprise Linux 6.2
A list of other affected systems is available on:
Solution
Users are advised to apply updates.
More information about the update is available on:
CVE Information
References
Security Focus
Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
E-mail:


Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis