CVE-2012-0879 : The I/O implementation for block devices in the Linux kernel before 2.6.33 does

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

Published 2012-05-17 11:00:37

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-0879

Debian » Debian Linux » Version: 6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 2.6.33
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP1
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP1
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP1 For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise High Availability Extension » Version: 11 Update SP1
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-0879

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-0879

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2012-0879

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0879

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=61cc74fbb87af6aa551a06a370590c9bc07e29d9
https://bugzilla.redhat.com/show_bug.cgi?id=796829

796829 – (CVE-2012-0879) CVE-2012-0879 kernel: block: CLONE_IO io_context refcounting issues
Issue Tracking;Patch;Third Party Advisory
http://www.securitytracker.com/id?1027086

Linux Kernel CLONE_IO Bug Lets Local Users Deny Service - SecurityTracker
Third Party Advisory;VDB Entry
http://www.debian.org/security/2012/dsa-2469

Debian -- Security Information -- DSA-2469-1 linux-2.6
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1410-1

USN-1410-1: Linux kernel (EC2) vulnerability | Ubuntu security notices
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0531.html

RHSA-2012:0531 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69f2292063d2caf37ca9aec7d63ded203701bf3
https://github.com/torvalds/linux/commit/b69f2292063d2caf37ca9aec7d63ded203701bf3

block: Fix io_context leak after failure of clone with CLONE_IO · torvalds/linux@b69f229 · GitHub
Patch;Third Party Advisory
https://github.com/torvalds/linux/commit/61cc74fbb87af6aa551a06a370590c9bc07e29d9

block: Fix io_context leak after clone with CLONE_IO · torvalds/linux@61cc74f · GitHub
Patch;Third Party Advisory
http://www.ubuntu.com/usn/USN-1411-1

USN-1411-1: Linux kernel vulnerability | Ubuntu security notices
Third Party Advisory
http://www.ubuntu.com/usn/USN-1408-1

USN-1408-1: Linux kernel (FSL-IMX51) vulnerability | Ubuntu security notices
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/02/23/5

oss-security - Re: CVE request -- kernel: block: CLONE_IO io_context refcounting issues
Mailing List;Third Party Advisory
http://secunia.com/advisories/48842

Sign in
Not Applicable

CVEs referencing this url
http://secunia.com/advisories/48545

Sign in
Not Applicable
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html

[security-announce] SUSE-SU-2012:0616-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=139447903326211&w=2

'[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server ' - MARC
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-0481.html

RHSA-2012:0481 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33

404 Not Found
Broken Link

Jump to

Vulnerability Details : CVE-2012-0879

Products affected by CVE-2012-0879

Exploit prediction scoring system (EPSS) score for CVE-2012-0879

CVSS scores for CVE-2012-0879

CWE ids for CVE-2012-0879

References for CVE-2012-0879