385935 – (CVE-2011-2497) Kernel: linux >= 2.6.39.1 error due to the TASKSTATS netlink interface (kernel/taskstats.c) (CVE-2011-2497)

Bug 385935 (CVE-2011-2497) - Kernel: linux >= 2.6.39.1 error due to the TASKSTATS netlink interface (kernel/taskstats.c) (CVE-2011-2497)

Summary: Kernel: linux >= 2.6.39.1 error due to the TASKSTATS netlink interface (kerne...

Status:	RESOLVED FIXED

Alias:	CVE-2011-2497

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/44754/
Whiteboard:	[linux >= 2.6.39.1]
Keywords:

Depends on:
Blocks:

Reported:	2011-10-06 20:24 UTC by Michael Harrison
Modified:	2013-09-04 03:24 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Harrison 2011-10-06 20:24:32 UTC

An error due to the TASKSTATS netlink interface (kernel/taskstats.c) allowing a process to register multiple listeners for exit statistics, which can be exploited to cause the kernel to consume memory and CPU resources resulting in a DoS.

Comment 1 Michael Harrison 2012-01-31 11:36:25 UTC

Original Advisory:
http://seclists.org/oss-sec/2011/q2/664

Solution:
Fixed in version version 2.6.39.3 and 2.6.35.14