CVE-2011-4621
kernel: tight loop and no preemption can cause system stall
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
El kernel de Linux antes de v2.6.37 no aplica la optimización de una actualización de reloj, lo que permite a usuarios locales provocar una denegación de servicio (bloqueo del sistema) a través de una aplicación que ejecuta código en un bucle.
Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-11-29 CVE Reserved
- 2012-03-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-05-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 | Broken Link | |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f26f9aff6aaf67e9a430d16c266f91b13a5bff64 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2011/12/21/6 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=769711 | 2011-12-22 | |
https://github.com/torvalds/linux/commit/f26f9aff6aaf67e9a430d16c266f91b13a5bff64 | 2023-02-13 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2011-4621 | 2011-12-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37" | - |
Affected
|