An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to prevent circular epoll dependencies from being created. However, in that case we do not properly clear the 'tfile_check_list'. An unprivileged local user could use this flaw to crash the system. This is a regression introduced via the CVE-2011-1083 (bug #681578) fix (commit 28d82dc1c4edbc352129f97f4ca22624d1fe61de): http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=28d82dc1c4edbc352129f97f4ca22624d1fe61de Upstream fix: 13d518074a952d33d47c428419693f63389547e9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=13d518074a952d33d47c428419693f63389547e9 References: https://lkml.org/lkml/2012/3/27/65 https://lkml.org/lkml/2012/4/17/247
Created kernel tracking bugs for this issue Affects: fedora-all [bug 837506]
Assigned CVE-2012-3375 as per: http://www.openwall.com/lists/oss-security/2012/07/04/2
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, since updates fixing CVE-2011-1083 contained a corrected patch that did not introduce this regression. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-1061.html, and Red Hat Enterprise Linux Red Hat Enterprise MRG 2 via https://rhn.redhat.com/errata/RHSA-2012-1150.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1061 https://rhn.redhat.com/errata/RHSA-2012-1061.html
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2012:1150 https://rhn.redhat.com/errata/RHSA-2012-1150.html