CVE-2012-1146
MEDIUM
Linux Kernel < 3.2.10 - Denial of Service via Memory Threshold Event Handling
Title source: llm
Description
The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.
References (10)
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48898
Exploit, Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/07/3
Mailing List, Patch, Vendor Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48964
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73711
Patch x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=371528caec553785c37f73fa3926ea0de84f986f
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075781.html
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=800813
Scores
CVSS v3
5.5
EPSS
0.0010
EPSS Percentile
26.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (5)
fedoraproject/fedora
16
linux/linux_kernel
< 3.2.10
suse/linux_enterprise_desktop
11 sp2
suse/linux_enterprise_high_availability_extension
11 sp2
suse/linux_enterprise_server
11 sp2 (2 CPE variants)
Published
May 17, 2012
Tracked Since
Feb 18, 2026