CVE-1999-1285 in Linux
Summary
by MITRE
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/17/2026
This vulnerability exists in Linux kernel versions 2.1.132 and earlier where a local attacker can exploit a resource exhaustion flaw by performing large buffer reads from random device files such as /dev/urandom. The issue stems from the kernel's handling of read operations on these special device files where the system cannot interrupt the read process until the entire buffer has been processed. This creates a significant denial of service condition as the attacker can consume system resources indefinitely until the read operation completes, effectively blocking other processes from accessing the system's random number generation facilities.
The technical flaw manifests in the kernel's implementation of the read system call for character device files, particularly those that generate random data. When a process attempts to read large amounts of data from /dev/urandom or similar random devices, the kernel's underlying implementation does not properly handle interruption signals during the read operation. This behavior violates the expected interruptibility of system calls and creates a scenario where processes can monopolize system resources without being responsive to termination signals. The vulnerability is classified under CWE-400 as an Uncontrolled Resource Consumption weakness, specifically related to improper handling of resource allocation and deallocation in kernel space.
The operational impact of this vulnerability extends beyond simple denial of service as it can severely degrade system performance and availability. Local users can exploit this weakness to exhaust memory and CPU resources, potentially causing system instability or complete system hangs. The attack is particularly dangerous because it requires no special privileges beyond basic user access, making it a significant concern for multi-user systems where local users might attempt to disrupt system operations. This vulnerability directly impacts the system's ability to provide random number generation services which are critical for cryptographic operations, network security protocols, and various other system functions that depend on secure randomness.
Mitigation strategies should focus on implementing proper kernel updates to versions that address this resource handling issue. System administrators should ensure that all Linux systems are running patched kernel versions that properly handle interruption signals during read operations on random device files. Additionally, monitoring systems should be implemented to detect unusual resource consumption patterns that might indicate exploitation attempts. The vulnerability demonstrates the importance of proper signal handling in kernel space operations and aligns with ATT&CK technique T1499.004 for Network Denial of Service, though applied at the kernel level rather than network level. Organizations should also consider implementing resource limits and process monitoring to prevent single processes from consuming excessive system resources. Regular kernel updates and security audits are essential to prevent exploitation of similar vulnerabilities in the kernel's device handling mechanisms.