ALAS-2012-100 --- kernelID: oval:org.secpod.oval:def:1601293 | Date: (C)2020-11-27 (M)2024-02-19 |
Class: PATCH | Family: unix |
A flaw was found in the way the Linux kernel"s Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.A malicious Network File System version 4 server could return a crafted reply to a GETACL request, causing a denial of service on the client.The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service by establishing an RDS connection with the source IP address equal to the IPoIB interface"s own IP address, as demonstrated by rds-ping.
Platform: |
Amazon Linux AMI |